CVE-2020-0395Incorrect Authorization in Google Android

CWE-863Incorrect Authorization5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 96.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Platform Frameworks OPT TelephonyPlatform Packages Services TelephonyGoogle Android
Timeline
PublishedSep 17
Latest updateMay 24

Description

In showNotification of EmergencyCallbackModeService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-154124307

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5google/androidAndroid-8.0 Android-8.1 Android-9 Android-10 Android-11
NVDgoogle/android4 versions+3
Androidplatform/frameworks_opt_telephony8.0:08.0:2020-09-01+3
Androidplatform/packages_services_telephony8.0:08.0:2020-09-01+3

🔴Vulnerability Details

3
GHSA
GHSA-8h32-fwqj-xv4x: In showNotification of EmergencyCallbackModeService2022-05-24
CVEList
CVE-2020-0395: In showNotification of EmergencyCallbackModeService2020-09-17
OSV
CVE-2020-0395: In showNotification of EmergencyCallbackModeService2020-09-01

📋Vendor Advisories

1
Android
CVE-2020-0395: Android Security Bulletin 2020-09-01 CVE: CVE-2020-0395 Severity: HIGH Type: ID Affected AOSP versions: 82020-09-01
CVE-2020-0395 — Incorrect Authorization in Google | cvebase