Privilege Escalation via System UI Tuner in Android 7.0
CVE-2016-3886 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI Tuner in Android 7.0 before 2016-09-01 does not prevent tuner changes on the lockscreen, which allows physically proximate attackers to gain privileges by modifying a setting, aka internal bug 30107438.
Learn more about our Cis Benchmark Audit For Google Android.