Improper Privilege Management in Google Android - CVE-2020-0403

 

Improper Privilege Management in Google Android - CVE-2020-0403

Published: September 17, 2020 / Updated: September 24, 2020


Vulnerability identifier: #VU47045
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0403
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE, with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-131252923


How to mitigate CVE-2020-0403

Install update from vendor's website.

Sources