Main Vulnerability Database Vulnerabilities #VU34352

#VU34352 Improper Privilege Management in Google Android - CVE-2020-0114

Published: June 10, 2020 / Updated: September 11, 2020

Vulnerability identifier: #VU34352

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-0114

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347

Remediation

Install update from vendor's website.

External links

https://source.android.com/security/bulletin/2020-06-01

#VU34352 Improper Privilege Management in Google Android - CVE-2020-0114

Description

Remediation

External links

Please verify you're human