CVE-2020-0396 — Incorrect Authorization in Frameworks OPT Telephony

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 97.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks OPT Telephony Platform Packages Apps Settings Google Android

Timeline

PublishedSep 17

Latest updateMay 24

Description

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-155094269

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/androidAndroid-8.1 Android-9 Android-10 Android-11 Android-8.0

▶NVDgoogle/android4 versions+3

▶Androidplatform/frameworks_opt_telephony8.0:0 — 8.0:2020-09-01+3

▶Androidplatform/packages_apps_settings8.0:0 — 8.0:2020-09-01+3

🔴Vulnerability Details

GHSA

GHSA-6w3q-44cj-75vr: In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent↗2022-05-24

▶

CVEList

CVE-2020-0396: In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent↗2020-09-17

▶

OSV

CVE-2020-0396: In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent↗2020-09-01

▶

📋Vendor Advisories

Android

CVE-2020-0396: Android Security Bulletin 2020-09-01 CVE: CVE-2020-0396 Severity: CRITICAL Type: ID Affected AOSP versions: 8↗2020-09-01

▶