CVE-2021-0319

HIGH Year: 2021
CVSS v3 Score
7.3
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818.

Related Vulnerabilities

CVE-2019-6855

HIGH
CVSS:7.3(High)

Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20) , and Modicon M580...

CWE-8632019

CVE-2020-4877

HIGH
CVSS:7.3(High)

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843.

CWE-8632020

CVE-2023-5521

HIGH
CVSS:7.3(High)

Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.

CWE-8632023

CVE-2024-13291

HIGH
CVSS:7.3(High)

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.

CWE-8632024

CVE-2024-3957

HIGH
CVSS:7.3(High)

The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary sh...

CWE-8632024