CVE-2020-0386

MEDIUM

Android - Privilege Escalation

Title source: llm

Description

In onCreate of RequestPermissionActivity.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege allowing an attacker to set Bluetooth discoverability with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-155650356

References (1)

[Patch, Vendor Advisory] https://source.android.com/security/bulletin/2020-09-01

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 12.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-1188 CWE-1021

Status published

Products (5)

google/android 8.0

google/android 8.1

google/android 9.0

google/android 10.0

google/android 11.0

Published Sep 17, 2020

Tracked Since Feb 18, 2026