CVE-2021-0385 – This Android vulnerability allows attackers to ... (How to Fix)

Q: What is the severity of CVE-2021-0385?

CVE-2021-0385 has a CVSS score of 7.8 (HIGH). This Android vulnerability allows attackers to connect devices to untrusted WiFi networks through lock screen notifications, potentially enabling local privilege escalation. It affects Android 11 devices, requiring physical access but no user interaction for exploitation.

📋 TL;DR

This Android vulnerability allows attackers to connect devices to untrusted WiFi networks through lock screen notifications, potentially enabling local privilege escalation. It affects Android 11 devices, requiring physical access but no user interaction for exploitation.

💻 Affected Systems

Products:

Android

Versions: Android 11

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Requires physical access to device lock screen. Pixel devices specifically mentioned in bulletins.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains elevated privileges on device, potentially accessing sensitive data, installing malware, or performing unauthorized actions.

🟠

Likely Case

Device connects to malicious WiFi network enabling man-in-the-middle attacks, credential theft, or network-based exploitation.

🟢

If Mitigated

Limited impact if device uses VPN, network restrictions, or has updated security patches.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires physical device access but no authentication. No user interaction needed once device is locked.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2021-03-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2021-03-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update. 2. Install Android Security Patch Level 2021-03-01 or later. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable WiFi notifications on lock screen

android

Prevent WiFi connection notifications from appearing on lock screen

Settings > Apps & notifications > Notifications > On the lock screen > Don't show notifications at all

Disable WiFi auto-connect

android

Prevent automatic connection to available networks

Settings > Network & internet > Wi-Fi > Wi-Fi preferences > Turn off 'Connect to open networks' and 'Turn on Wi-Fi automatically'

🧯 If You Can't Patch

Physically secure devices to prevent unauthorized access
Use mobile data instead of WiFi in untrusted environments

🔍 How to Verify

Check if Vulnerable:

Check Android version: Settings > About phone > Android version. If version is 11 and security patch level is before 2021-03-01, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level is 2021-03-01 or later in Settings > About phone > Android security patch level.

📡 Detection & Monitoring

Log Indicators:

Unexpected WiFi connection events in system logs
Network changes while device locked

Network Indicators:

Device connecting to unknown WiFi networks
Unusual network traffic patterns

SIEM Query:

source="android_system" AND (event="WIFI_CONNECT" OR event="NETWORK_CHANGE") AND user="locked"

📊 Metadata

CVE ID: CVE-2021-0385

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

Published: March 10, 2021

Last Updated: November 21, 2024

🔗 References

https://source.android.com/security/bulletin/pixel/2021-03-01 Patch,Vendor Advisory
https://source.android.com/security/bulletin/pixel/2021-03-01 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0385, you might also want to check these: