Untrusted WiFi Network Connection Vulnerability in ConnectToNetworkNotificationBuilder

Untrusted WiFi Network Connection Vulnerability in ConnectToNetworkNotificationBuilder

CVE-2021-0385 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172584372

Learn more about our Cis Benchmark Audit For Google Android.