Possible Permissions Bypass in BluetoothOppNotification.java Allows Unauthorized File Transfer via Bluetooth
CVE-2020-0473 · MEDIUM Severity
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486
Learn more about our Cis Benchmark Audit For Google Android.