CVE-2021-39658
CRITICALAndroid - Incorrect Default Permissions in ismsEx Service
Title source: llmDescription
ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks。Third-party apps can use this service to arbitrarily modify and set system properties。Product: AndroidVersions: Android SoCAndroid ID: A-207479207
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://source.android.com/security/bulletin/2022-02-01
Scores
CVSS v3
9.8
EPSS
0.0055
EPSS Percentile
41.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
google/android
Published
Feb 11, 2022
Tracked Since
Feb 18, 2026