CVE-2021-0692

7.8 HIGH

📋 TL;DR

This vulnerability lets a local attacker (code already running on the device, typically a malicious app) escalate privileges on Android by abusing an unsafe PendingIntent in the FirstScreenBroadcast component. A PendingIntent carries the identity and permissions of the component that created it, so an app that obtains this one can use it to launch arbitrary activities as that component, with no user interaction. Affects Android 9, 10, and 11.

💻 Affected Systems

Products:
  • Android
Versions: Android 9, 10, and 11
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running Android 9, 10, or 11 are vulnerable by default until the 2021-09-01 security patch level is applied; no opt-in feature or special configuration is required. The vulnerability is in the Android platform code itself, not in a third-party app.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A malicious app uses the launcher's identity to start privileged activities, chaining to installation of further malware, theft of user data, and persistence on the device.

🟠 Likely Case

Local privilege escalation from an unprivileged app to the privileges of the vulnerable component, giving unauthorized access to system functions and user data.

🟢 If Mitigated

No impact once the device is at security patch level 2021-09-01 or later. Verified boot does not block exploitation of this bug, but it does prevent an attacker from persistently modifying system partitions with any privileges gained.

🌐 Internet-Facing: LOW - This is a local privilege escalation; there is no network vector, and the attacker needs code already running on the device.
🏢 Internal Only: HIGH - Any installed app can exploit this without additional permissions or user interaction.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No (requires a local app)
Complexity: MEDIUM

Exploitation requires code already running on the device (for example, a malicious app installed by the user) but no user interaction at exploit time. The vulnerable component is reachable from ordinary, unprivileged apps.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Patch Level 2021-09-01 or later

Vendor Advisory: https://source.android.com/security/bulletin/2021-09-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > Advanced > System update (the exact path varies by OEM and Android version).
2. Install the September 2021 Android security patch (security patch level 2021-09-01) or later.
3. Reboot the device after installation.

🔧 Temporary Workarounds

Disable unnecessary apps (Android)

Exploitation needs a malicious app on the device, so reduce that chance: restrict app installation to trusted sources (disable "Install unknown apps"/sideloading, keep Play Protect on), and remove or disable apps you do not need. This lowers exposure but does not fix the vulnerable component; only the patch does.

🧯 If You Can't Patch

  • Use mobile device management (MDM) to restrict which apps may be installed (app allowlisting, blocked sideloading) and to enforce a minimum security patch level for device compliance.
  • Monitor for suspicious app behavior and limit app permissions to the minimum necessary, so a compromised component has less to reach.

🔍 How to Verify

Check if Vulnerable:

Check the Android version and security patch level in Settings > About phone > Android version and Security patch level. A device is vulnerable if it runs Android 9, 10, or 11 with a security patch level earlier than 2021-09-01.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level is 2021-09-01 or later in Settings > About phone.
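
The check above, scripted over adb, as an added example (not code from the page or from Android). It reads the same two properties and classifies the device against the advisory's affected versions and fix level; it assumes `adb` is on PATH and exactly one device is attached when the live check runs, while the classification itself needs no device.

```python
# Added example: verify a device's patch status for CVE-2021-0692.
# Not code from the page or from Android; it wraps the getprop checks
# described above. Assumes `adb` is on PATH and one device is attached
# when check_device() runs; assess() works on strings and needs no device.
import re
import subprocess
from datetime import date

FIX_LEVEL = date(2021, 9, 1)            # Android Security Patch Level 2021-09-01
AFFECTED_RELEASES = {"9", "10", "11"}   # versions listed in the advisory


def parse_patch_level(value):
    """Parse ro.build.version.security_patch (YYYY-MM-DD); None if malformed."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value.strip())
    if not m:
        return None
    try:
        return date(*(int(g) for g in m.groups()))
    except ValueError:          # e.g. 2021-13-40
        return None


def assess(release, patch_level):
    """Classify a device from its release string and patch-level string.

    Returns one of:
      'patched'     affected release, patch level at or after the fix
      'vulnerable'  affected release, patch level before the fix
      'unknown'     affected release, patch level missing or unparseable
      'not-listed'  release not named in the advisory (e.g. 12 and later)
    """
    major = release.strip().split(".")[0]
    if major not in AFFECTED_RELEASES:
        return "not-listed"
    patched_on = parse_patch_level(patch_level)
    if patched_on is None:
        return "unknown"
    return "patched" if patched_on >= FIX_LEVEL else "vulnerable"


def getprop(name):
    """Read a system property over adb, stripping the trailing CR/LF adb adds."""
    out = subprocess.run(["adb", "shell", "getprop", name],
                         capture_output=True, text=True, check=True).stdout
    return out.strip()


def check_device():
    """Live check against the attached device; returns the assess() verdict."""
    release = getprop("ro.build.version.release")
    patch = getprop("ro.build.version.security_patch")
    verdict = assess(release, patch)
    print(f"Android {release}, security patch level {patch or 'unknown'}: {verdict}")
    return verdict


if __name__ == "__main__":
    check_device()
```

Run it with a device attached to get a one-line verdict; `assess()` can also be called directly on values exported from an MDM inventory. Releases not named in the advisory are reported as `not-listed` rather than `patched`, since the bulletin does not speak to them.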

📡 Detection & Monitoring

Log Indicators:

  • Activity starts recorded by ActivityManager/ActivityTaskManager in logcat ("START u0 {...} from uid N") that are attributed to the launcher's UID but do not look like a normal app launch (not ACTION_MAIN with CATEGORY_LAUNCHER, or targeting a component the launcher would not normally open), since the attacker's activity is started with the vulnerable component's identity.
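
A heuristic scan for that indicator, as an added example (not code from the page or from Android). It parses ActivityManager/ActivityTaskManager "START u0 {...} from uid N" lines and flags starts made with the launcher's UID that are neither the launcher opening its own UI nor a normal ACTION_MAIN + CATEGORY_LAUNCHER app launch. The launcher package name, its UID and the sample log lines are constructed for the example.

```python
# Added example: heuristic logcat scan for activity starts made with the
# launcher's identity that are not ordinary app launches. Not code from the
# page or from Android. Launcher package/UID and log lines are constructed.
import re

START_RE = re.compile(r"START u(?P<user>\d+) \{(?P<intent>[^}]*)\} from uid (?P<uid>\d+)")
FIELD_RE = re.compile(r"(\w+)=(\[[^\]]*\]|\S+)")   # act=..., cat=[...], cmp=...

ACTION_MAIN = "android.intent.action.MAIN"
CATEGORY_LAUNCHER = "android.intent.category.LAUNCHER"


def parse_start(line):
    """Extract caller UID, action, categories and target component from a START line."""
    m = START_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("intent")))
    cats = {c for c in fields.get("cat", "[]").strip("[]").split(",") if c}
    return {
        "uid": int(m.group("uid")),
        "act": fields.get("act"),
        "cats": cats,
        "cmp": fields.get("cmp"),
    }


def is_suspicious(start, launcher_uid, launcher_pkg):
    """True for a start made as the launcher that is not a normal app launch."""
    if start["uid"] != launcher_uid:
        return False                      # not made with the launcher's identity
    cmp = start["cmp"] or ""
    if cmp.startswith(launcher_pkg + "/"):
        return False                      # launcher opening its own UI
    normal_launch = start["act"] == ACTION_MAIN and CATEGORY_LAUNCHER in start["cats"]
    return not normal_launch


def scan(lines, launcher_uid, launcher_pkg):
    """Return the target components of suspicious starts, in log order."""
    hits = []
    for line in lines:
        start = parse_start(line)
        if start and is_suspicious(start, launcher_uid, launcher_pkg):
            hits.append(start["cmp"])
    return hits


# Constructed sample: UID 10089 is the launcher (com.example.launcher).
SAMPLE_LOGCAT = [
    "09-02 10:14:03.101  1201  1350 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN "
    "cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.example.mail/.InboxActivity} from uid 10089",
    "09-02 10:14:05.532  1201  1350 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN "
    "cat=[android.intent.category.HOME] flg=0x10000000 cmp=com.example.launcher/.Launcher} from uid 10089",
    "09-02 10:14:09.877  1201  1350 I ActivityTaskManager: START u0 {act=android.intent.action.VIEW "
    "dat=https://example.com/page cmp=com.example.browser/.BrowserActivity} from uid 10123",
    "09-02 10:14:12.004  1201  1350 I ActivityTaskManager: START u0 {flg=0x10000000 "
    "cmp=com.example.bank/.internal.DebugExportActivity} from uid 10089",
]

if __name__ == "__main__":
    for cmp in scan(SAMPLE_LOGCAT, launcher_uid=10089, launcher_pkg="com.example.launcher"):
        print("suspicious start as launcher:", cmp)
```

Feed it `adb logcat -d` output and the launcher's UID (the `userId=` line of `adb shell dumpsys package <launcher package>`); on Android 9 the tag is ActivityManager rather than ActivityTaskManager, which the regex does not depend on. The heuristic is a starting point, not a signature: launchers also start shortcut targets and widget configuration activities, so expect to add an allowlist for those before alerting on hits.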

Network Indicators:

  • Not applicable - this is a local privilege escalation vulnerability.

SIEM Query:

No host-based SIEM signature applies, since this is a local Android vulnerability. If MDM device inventory is forwarded to the SIEM, query for managed devices reporting Android 9, 10, or 11 with a security patch level earlier than 2021-09-01 and treat them as unpatched.
