Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-0602
CVE-2021-0602:
NixOS vulnerability analysis and mitigation
Overview
A vulnerability was discovered in Android versions 10 and 11 that allows guest users to view and modify Wi-Fi settings for all configured Access Points (APs) due to a permissions bypass. The vulnerability (CVE-2021-0602) was found in the onCreateOptionsMenu of WifiNetworkDetailsFragment.java and was disclosed on July 14, 2021. This vulnerability affects Android versions 10 and 11 (MISC).
Technical details
The vulnerability exists in the onCreateOptionsMenu function of WifiNetworkDetailsFragment.java, where a permissions bypass allows unauthorized access to Wi-Fi settings. The vulnerability has been assigned a CVSS score of 7.2, indicating a high severity level. The issue requires no additional execution privileges and can be exploited without user interaction (MISC).
Impact
When exploited, this vulnerability allows guest users to view and modify Wi-Fi settings for all configured Access Points in the system. This represents a significant security breach as it bypasses the intended access restrictions for guest users (MISC).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management