CVE-2022-44548 — Incorrect Default Permissions in Huawei Emui

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 91.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Emui Huawei Harmonyos

Timeline

PublishedNov 9

Latest updateNov 10

Description

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5huawei/emui11.0.1, 12.0.0, 12.0.1+2

▶NVDhuawei/emui11.0.1, 12.0.0, 12.0.1+2

▶CVEListV5huawei/harmonyos2.0, 2.1+1

▶NVDhuawei/harmonyos2.0, 2.1, 3.0.0+2

🔴Vulnerability Details

GHSA

GHSA-6xvj-x5f6-3fg6: There is a vulnerability in permission verification during the Bluetooth pairing process↗2022-11-10

▶

CVEList

CVE-2022-44548: There is a vulnerability in permission verification during the Bluetooth pairing process↗2022-11-09

▶