#VU34883 Improper Privilege Management in Google Android - CVE-2020-0001
Published: January 8, 2020 / Updated: January 6, 2021
Vulnerability identifier: #VU34883
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-0001
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Google Android
Google Android
Software vendor:
Google
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304
Remediation
Install update from vendor's website.