Vulnerabilities > CVE-2021-0434 - Unspecified vulnerability in Google Android 10.0/11.0/9.0
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE local
google
Summary
In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-167403112
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 |