CVE-2020-0416

moderate-risk
Published 2020-10-14

In multiple settings screens, there are possible tapjacking attacks due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-155288585

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Google

References (2)

Patch https://source.android.com/security/bulletin/2020-10-01
Patch https://source.android.com/security/bulletin/2020-10-01
43
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 12/34 · Low