CVE-2022-48518

EPSS 0.03%
Published 06.07.2023 13:15:10
Last modified 21.11.2024 07:33:29
Source psirt@huawei.com
Teams watchlist Login
Open Login

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Huawei ≫ Emui Version12.0.0

Huawei ≫ Emui Version12.0.1

Huawei ≫ Harmonyos Version2.0.0

Huawei ≫ Harmonyos Version2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://consumer.huawei.com/en/support/bulletin/2023/7/

Vendor Advisory

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-48518

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-48518

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-48518

EUVD