CVE-2022-48291Missing Authentication for Critical Function in Huawei Emui

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 87.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Harmonyos
Timeline
PublishedMar 27
Latest updateMar 28

Description

The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5huawei/emui4 versions+3
NVDhuawei/emui4 versions+3
CVEListV5huawei/harmonyos4 versions+3
NVDhuawei/harmonyos4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-jrh6-cm82-9cwp: The Bluetooth module has an authentication bypass vulnerability in the pairing process2023-03-28
CVEList
CVE-2022-48291: The Bluetooth module has an authentication bypass vulnerability in the pairing process2023-03-27
CVE-2022-48291 — Huawei Emui vulnerability | cvebase