Vulnerabilities > CVE-2021-39702 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-205150380
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |