CVE-2021-0390Missing Authorization in Google Android

CWE-862Missing AuthorizationCWE-732Incorrect Permission Assignment5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 79.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform Frameworks OPT NET WifiGoogle Android
Timeline
PublishedMar 10
Latest updateMay 24

Description

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174749461

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/androidAndroid-11 Android-8.1 Android-9 Android-10
NVDgoogle/android4 versions+3
Androidplatform/frameworks_opt_net_wifi8.1:08.1:2021-03-01+3

🔴Vulnerability Details

3
GHSA
GHSA-97g6-w5qr-9m8r: In various methods of WifiNetworkSuggestionsManager2022-05-24
CVEList
CVE-2021-0390: In various methods of WifiNetworkSuggestionsManager2021-03-10
OSV
CVE-2021-0390: In various methods of WifiNetworkSuggestionsManager2021-03-01

📋Vendor Advisories

1
Android
CVE-2021-0390: Android Security Bulletin 2021-03-01 CVE: CVE-2021-0390 Severity: HIGH Type: EoP Affected AOSP versions: 82021-03-01
CVE-2021-0390 — Missing Authorization in Google Android | cvebase