CVE-2022-20214 — UI Misrepresentation / Clickjacking in Google Android
Severity
4.7 MEDIUM (NVD)
EPSS
0.1%
top 74.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 26
Description
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.
Product: Android
Versions: Android-10 Android-11 Android-12
Android ID: A-183411210
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 2 packages
Vulnerability Details
GHSA-2c4q-pqm9-78g4: In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack (2023-01-26)