Arbitrary User Notification Disabling Vulnerability in Android-12 (A-195111725)
CVE-2021-1020 · HIGH Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725
Learn more about our Cis Benchmark Audit For Google Android.