PT-2021-13053 · Google · Android
Published
2021-03-10
·
Updated
2021-03-12
·
CVE-2021-0375
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Android version Android-11
Description:
In the
onPackageModified function of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Recommendations:
For Android version Android-11, update to a version that includes a fix for this issue, as the current version has an insecure default value that could lead to local escalation of privilege.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android