CVE-2022-48496Improper Authentication in Huawei Emui

CWE-287Improper AuthenticationCWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 75.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Harmonyos
Timeline
PublishedJun 19

Description

Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5huawei/emui4 versions+3
NVDhuawei/emui4 versions+3
CVEListV5huawei/harmonyos5 versions+4

🔴Vulnerability Details

2
CVEList
CVE-2022-48496: Vulnerability of lax app identity verification in the pre-authorization function2023-06-19
GHSA
GHSA-7v38-8rx6-7rw9: Vulnerability of lax app identity verification in the pre-authorization function2023-06-19
CVE-2022-48496 — Improper Authentication in Huawei Emui | cvebase