Possible Permissions Bypass in BluetoothOppNotification.java Allows Unauthorized File Transfer via Bluetooth

Possible Permissions Bypass in BluetoothOppNotification.java Allows Unauthorized File Transfer via Bluetooth

CVE-2020-0473 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical possession of the device to transfer files to it over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160691486

Learn more about our Cis Benchmark Audit For Google Android.