Missing Permission Checks in NotificationManagerService.java Allows Local Privilege Escalation

Missing Permission Checks in NotificationManagerService.java Allows Local Privilege Escalation

CVE-2020-0084 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775

Learn more about our Cis Benchmark Audit For Google Android.