Huawei Harmonyos vulnerabilities

CVE-2023-34159 [CRITICAL] CVE-2023-34159: Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerab Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

CVE-2022-48494 [HIGH] CWE-287 CVE-2022-48494: Vulnerability of lax app identity verification in the pre-authorization function.Successful exploita Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2023-34166 [HIGH] CWE-400 CVE-2023-34166: Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitati Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.

CVE-2023-34163 [HIGH] CVE-2023-34163: Permission control vulnerability in the window management module.Successful exploitation of this vul Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34155 [HIGH] CVE-2023-34155: Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this v Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.

CVE-2022-48496 [HIGH] CWE-287 CVE-2022-48496: Vulnerability of lax app identity verification in the pre-authorization function.Successful exploita Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

CVE-2023-34162 [HIGH] CVE-2023-34162: Version update determination vulnerability in the user profile module.Successful exploitation of thi Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.

CVE-2023-34161 [HIGH] CWE-863 CVE-2023-34161: nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of t nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.

CVE-2023-34160 [MEDIUM] CWE-290 CVE-2023-34160: Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

CVE-2022-48488 [MEDIUM] CWE-863 CVE-2022-48488: Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vul Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

CVE-2023-34156 [MEDIUM] CWE-384 CVE-2023-34156: Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploita Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.

CVE-2023-34158 [MEDIUM] CWE-290 CVE-2023-34158: Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

CVE-2023-34167 [MEDIUM] CWE-290 CVE-2023-34167: Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

CVE-2022-48495 [MEDIUM] CWE-863 CVE-2022-48495: Vulnerability of unauthorized access to foreground app information.Successful exploitation of this v Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.

CVE-2022-48491 [MEDIUM] CWE-862 CVE-2022-48491: Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vul Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.

CVE-2023-34154 [HIGH] CWE-732 CVE-2023-34154: Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of thi Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.

CVE-2023-34157 [MEDIUM] CWE-290 CVE-2023-34157: Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may caus Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.

CVE-2023-34165 [MEDIUM] CWE-862 CVE-2023-34165: Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful expl Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.

CVE-2022-48479 [CRITICAL] CWE-125 CVE-2022-48479: The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successf The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.

CVE-2022-48478 [CRITICAL] CVE-2022-48478: The facial recognition TA of some products lacks memory length verification. Successful exploitation The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.