CVE-2021-39691

CVSS v3 Score: 7.3 (High)
CVSS v2 Score: 6.9 (Medium)

Vulnerability Description

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Product: Android
Versions: Android-10 Android-11 Android-12
Android ID: A-157929241

CVSS:7.3(High)

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without th...

CVSS:7.3(High)

In onCreate of UninstallerActivity, there is a possible way to uninstall an app without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with ...

CVSS:7.3(High)

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. This could lead to local e...

CVSS:7.3(High)

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification acces...

CVSS:7.3(High)

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting...

CVSS:7.3(High)

In ImportVCardActivity, there is a possible way to bypass user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User ...