CVE-2022-46316 — Improper Authentication in Huawei Harmonyos

CWE-287 — Improper Authentication2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 57.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Harmonyos

Timeline

PublishedDec 20

Description

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/harmonyos< 2.1

▶CVEListV5huawei/harmonyos2.1, 3.0.0+1

Patches

Patch: device.harmonyos.com ↗Patch: device.harmonyos.com ↗

🔴Vulnerability Details

GHSA

GHSA-h9xp-mrv3-8452: A thread security vulnerability exists in the authentication process↗2022-12-20

▶