Lucene search
VivoCVELIST:CVE-2021-26277HistoryFeb 17, 2023 - 12:00 a.m.
CVE-2021-26277 Security Advisory | PendingIntent hijacking vulnerability in Framework Services
2023-02-1700:00:00
CWE-94
Vivo
www.cve.org
2
framework services
pendingintent
vulnerability
privileged actions
CVSS3
5.6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
AI Score
9.4
Confidence
High
EPSS
0.003
Percentile
70.5%
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
CNA Affected
[
{
"vendor": "vivo",
"product": "Frame service",
"versions": [
{
"version": "2021.6.30",
"status": "affected",
"lessThan": "all",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-26277
2023-02-17 22:15:11
prion
prion
Code injection
2023-02-17 22:15:00
cve
cve
CVE-2021-26277
2023-02-17 22:15:11
CVSS3
5.6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
AI Score
9.4
Confidence
High
EPSS
0.003
Percentile
70.5%
Related for CVELIST:CVE-2021-26277