Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195111725)

Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195111725)

CVE-2021-1020 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725

Learn more about our Cis Benchmark Audit For Google Android.