CVE-2021-0642

5.5 MEDIUM

📋 TL;DR

This Android vulnerability allows a local app to retrieve a trackable identifier from the voicemail settings component without holding the proper permissions. It affects Android devices running versions 8.1 through 11. Exploitation requires user interaction, and the impact is information disclosure.

💻 Affected Systems

Products:
  • Android
Versions: Android 8.1, 9, 10, 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected Android versions with default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious app could persistently track the user's device identifier, enabling profiling or correlation with other data leaks.

🟠 Likely Case

Limited information disclosure to apps already installed on device, potentially enabling targeted advertising or tracking.

🟢 If Mitigated

No impact if proper Android security updates are applied or if users avoid installing untrusted apps.

🌐 Internet-Facing: LOW - Requires local app execution, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local apps can exploit, but requires user interaction and app installation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install malicious app and interact with voicemail settings. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin August 2021 patches

Vendor Advisory: https://source.android.com/security/bulletin/2021-08-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > Advanced > System update.
2. Install August 2021 security patch or later.
3. Reboot device after installation.

🔧 Temporary Workarounds

Disable Voicemail Settings Access

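Prevent apps from accessing the voicemail settings component. The command below disables the entire com.android.phone package for user 0, not only the voicemail settings screen.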

adb shell pm disable-user --user 0 com.android.phone

Restrict App Permissions

Review and restrict permissions for all installed apps

🧯 If You Can't Patch

  • Avoid installing untrusted apps from unknown sources
  • Regularly review app permissions and remove unnecessary ones

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is 8.1, 9, 10, or 11 without August 2021 security patch, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android Security Patch Level in Settings > About phone shows August 2021 or later.
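
The version and patch-level checks above can be combined into one script. This is an added example, not part of the original advisory; it assumes 2021-08-01 (the date in the vendor advisory URL) is the first fixed patch level and that ro.build.version.release reports strings such as "8.1.0", "9", "10" or "11". The function names are hypothetical.

```sh
#!/bin/sh
# Added example: classify a device for CVE-2021-0642 from two system properties.
# Assumption: 2021-08-01 (date in the advisory URL) is the first fixed patch level.
FIXED_PATCH=20210801

# Return 0 if the release string is one of the affected versions (8.1, 9, 10, 11).
# Assumption: ro.build.version.release looks like "8.1.0", "9", "10" or "11".
is_affected_release() {
    case "$1" in
        8.1|8.1.*|9|9.*|10|10.*|11|11.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Convert YYYY-MM-DD to the integer YYYYMMDD; fail on any other format.
patch_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# Print VULNERABLE, PATCHED, NOT_AFFECTED or UNKNOWN for a release / patch-level pair.
assess() {
    release=$1
    patch=$2
    is_affected_release "$release" || { echo NOT_AFFECTED; return 0; }
    # An empty or malformed patch level cannot be judged, so report it as UNKNOWN.
    level=$(patch_to_int "$patch") || { echo UNKNOWN; return 0; }
    if [ "$level" -ge "$FIXED_PATCH" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# Read both properties from the device attached over adb and assess it.
# tr strips the carriage return that some adb versions append to shell output.
assess_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    pat=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    echo "release=$rel patch=$pat -> $(assess "$rel" "$pat")"
}

# Query a device only when asked: sh check.sh --device
if [ "${1:-}" = "--device" ]; then assess_device; fi
```

NOT_AFFECTED here means only that the release is outside the versions listed on this page; UNKNOWN means the patch level should be checked manually in Settings > About phone.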

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to VoicemailSettingsFragment component
  • Permission denial logs for com.android.phone

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Not applicable for typical SIEM monitoring as this is local Android component access.
