CVE-2020-0084

HIGH

Android 10 - Unauthenticated Privilege Escalation via NotificationManagerService Permission Bypass

Title source: llm
STIX 2.1

Description

In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0015
EPSS Percentile 4.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
google/android 10.0
Published Mar 10, 2020
Tracked Since Feb 18, 2026