PT-2021-13035 · Google · Android
Le Wu
+1
·
Published
2021-02-02
·
Updated
2021-02-23
·
CVE-2021-0356
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Android versions Android-10 through Android-11
Description:
In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Recommendations:
For Android versions Android-10 through Android-11, apply the patch with ID ALPS05442014 to resolve the issue. As a temporary workaround, consider restricting access to the netdiag component to minimize the risk of exploitation.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android