Vulnerabilities > CVE-2020-0473 - Incorrect Authorization vulnerability in Google Android 11.0

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

google

CWE-863

NVD

Published: 2020-12-15

Updated: 2020-12-16

Summary

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486

Vulnerable Configurations

Part	Description	Count
OS	Google Google Android 11.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://source.android.com/security/bulletin/pixel/2020-12-01