CVE-2022-48518Improper Initialization in Huawei Emui

CWE-701CWE-665Improper Initialization3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 90.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Harmonyos
Timeline
PublishedJul 6

Description

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5huawei/emui12.0.0, 12.0.1+1
NVDhuawei/emui12.0.0, 12.0.1+1
CVEListV5huawei/harmonyos2.0.0, 2.0.1+1
NVDhuawei/harmonyos2.0.0, 2.0.1+1

🔴Vulnerability Details

2
CVEList
CVE-2022-48518: Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent2023-07-06
GHSA
GHSA-2x35-3575-64cp: Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent2023-07-06
CVE-2022-48518 — Improper Initialization in Huawei Emui | cvebase