CVE-2022-42488
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenHarmony | OpenHarmony | OpenHarmony-v3.1.x-Release <= 3.1.2 | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.