CVE-2015-3854

HIGH

Android 5.x - Improper Access Control via PNW.stopSaver Broadcast Intent

Title source: llm
STIX 2.1

Description

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.

References (3)

Core 3
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/71
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/72

Scores

CVSS v3 7.5
EPSS 0.0054
EPSS Percentile 41.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-284
Status published
Products (6)
google/android 5.0
google/android 5.0.1
google/android 5.0.2
google/android 5.1
google/android 5.1.0
google/android 5.1.1
Published Aug 07, 2016
Tracked Since Feb 18, 2026