3 matches found
CVE-2021-39692
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product:...
CVE-2021-39692
creationtimestamp| type| source ---|---|--- 2022-03-16 17:20:45+00:00| seen| https://t.me/cibsecurity/39040...
CVE-2021-39692
CVE-2021-39692 describes a local elevation of privilege in Android (10–12) via SetupLayoutActivity.java (tapjacking/overlay) that could bypass user consent to set up a work profile. Exploitation requires user interaction; CVSS indicates high impact (EoP) with local attack vector. Public reference...