CVE-2021-0538

HIGH Year: 2021
CVSS v3 Score
7.3
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178821491

Related Vulnerabilities

CVE-2019-2125

HIGH
CVSS:7.3(High)

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without th...

CWE-10212019

CVE-2021-0314

HIGH
CVSS:7.3(High)

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with ...

CWE-10212021

CVE-2021-0315

HIGH
CVSS:7.3(High)

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local e...

CWE-10212021

CVE-2021-0331

HIGH
CVSS:7.3(High)

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification acces...

CWE-10212021

CVE-2021-0333

HIGH
CVSS:7.3(High)

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting...

CWE-10212021

CVE-2021-0446

HIGH
CVSS:7.3(High)

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User ...

CWE-10212021