PT-2021-13162 · Google · Android

Published

2021-06-01

Updated

2022-07-12

CVE-2021-0513

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Android versions 8.1 through 11

Description: The issue is related to a possible permission bypass in the NotificationManagerService.java due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations: For Android versions 8.1 through 11, update to a version that includes the fix for the improper state validation in NotificationManagerService.java. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

ASB-A-156090809

CVE-2021-0513

Affected Products

Android

PT-2021-13162 · Google · Android

CVE-2021-0513

Weakness Enumeration

Related Identifiers

Affected Products

References · 5