CVE-2020-0416

HIGH

Android - Privilege Escalation

Title source: llm

Description

In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android
Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1
Android ID: A-155288585

Exploits (2)

nomisec WORKING POC
by Satheesh575555 · poc
https://github.com/Satheesh575555/packages_apps_Settings_AOSP10_r33_CVE-2020-0416
nomisec WORKING POC
by ShaikUsaf · poc
https://github.com/ShaikUsaf/packages_apps_settings_AOSP10_r33_CVE-2020-0416

Scores

CVSS v3 8.8
EPSS 0.0024
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-1188
Status published
Products (5)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
google/android 11.0
Published Oct 14, 2020
Tracked Since Feb 18, 2026