CVE-2022-48518 Vulnerability Details

  /     /     /  

CVE-2022-48518 Metadata Quick Info

CVE Published: 06/07/2023 | CVE Updated: 19/11/2024 | CVE Year: 2022
Source: huawei | Vendor: Huawei | Product: HarmonyOS
Status : PUBLISHED

CVE-2022-48518 Description

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-701
CWE Name: CWE-701 Weaknesses Introduced During Design
Source: Huawei

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).