Insufficient Verification of Data Authenticity
CVE-2021-39689
Summary
In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206090748
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- HIGH
- HIGH
- HIGH
CWE-345 - Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
References
Advisory Timeline
- Published