Overview
- Description
- In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459
- Source
- security@android.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237" }, { "criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389" } ], "operator": "OR" } ] } ]