Missing Permission Checks in NotificationManagerService.java Allows Local Privilege Escalation
CVE-2020-0084 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775
Learn more about our Cis Benchmark Audit For Google Android.