ID

VAR-202302-0392


CVE

CVE-2022-48295


TITLE

EMUI and HarmonyOS Improper Permission Preservation Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003621

DESCRIPTION

The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). EMUI and HarmonyOS contain an improper permissions retention vulnerability. Information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-48295 // JVNDB: JVNDB-2023-003621 // VULHUB: VHN-453375 // VULMON: CVE-2022-48295

AFFECTED PRODUCTS

vendor: huawei, model: emui, scope: eq, version: 12.0.0

Trust: 1.0

vendor: huawei, model: harmonyos, scope: eq, version: 2.0

Trust: 1.0

vendor: huawei, model: emui, scope: eq, version: 12.0.1

Trust: 1.0

vendor: huawei, model: emui, scope: eq, version: 11.0.1

Trust: 1.0

vendor: huawei, model: emui, scope: -, version: -

Trust: 0.8

vendor: huawei, model: harmonyos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003621 // NVD: CVE-2022-48295

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-48295
value: HIGH

Trust: 1.0

NVD: CVE-2022-48295
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-352
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-48295
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-48295
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003621 // CNNVD: CNNVD-202302-352 // NVD: CVE-2022-48295

PROBLEMTYPE DATA

problemtype: CWE-281

Trust: 1.1

problemtype: Improper retention of permissions (CWE-281) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-453375 // JVNDB: JVNDB-2023-003621 // NVD: CVE-2022-48295

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-352

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-352

PATCH

title: security-bulletins-202302-0000001454769474 Huawei Support Bulletin
url: https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474

Trust: 0.8

title: Huawei HarmonyOS Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=225929

Trust: 0.6

sources: JVNDB: JVNDB-2023-003621 // CNNVD: CNNVD-202302-352

EXTERNAL IDS

db: NVD, id: CVE-2022-48295

Trust: 3.4

db: JVNDB, id: JVNDB-2023-003621

Trust: 0.8

db: CNNVD, id: CNNVD-202302-352

Trust: 0.6

db: VULHUB, id: VHN-453375

Trust: 0.1

db: VULMON, id: CVE-2022-48295

Trust: 0.1

sources: VULHUB: VHN-453375 // VULMON: CVE-2022-48295 // JVNDB: JVNDB-2023-003621 // CNNVD: CNNVD-202302-352 // NVD: CVE-2022-48295

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2023/2/

Trust: 1.8

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202302-0000001454769474

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-48295

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-48295/

Trust: 0.6

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202302-0000001454769474

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-453375 // VULMON: CVE-2022-48295 // JVNDB: JVNDB-2023-003621 // CNNVD: CNNVD-202302-352 // NVD: CVE-2022-48295

SOURCES

db: VULHUB, id: VHN-453375
db: VULMON, id: CVE-2022-48295
db: JVNDB, id: JVNDB-2023-003621
db: CNNVD, id: CNNVD-202302-352
db: NVD, id: CVE-2022-48295

LAST UPDATE DATE

2024-08-14T15:16:15.677000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-453375, date: 2023-02-17T00:00:00
db: VULMON, id: CVE-2022-48295, date: 2023-02-09T00:00:00
db: JVNDB, id: JVNDB-2023-003621, date: 2023-09-14T07:48:00
db: CNNVD, id: CNNVD-202302-352, date: 2023-02-20T00:00:00
db: NVD, id: CVE-2022-48295, date: 2023-02-17T13:43:06.680

SOURCES RELEASE DATE

db: VULHUB, id: VHN-453375, date: 2023-02-09T00:00:00
db: VULMON, id: CVE-2022-48295, date: 2023-02-09T00:00:00
db: JVNDB, id: JVNDB-2023-003621, date: 2023-09-14T00:00:00
db: CNNVD, id: CNNVD-202302-352, date: 2023-02-05T00:00:00
db: NVD, id: CVE-2022-48295, date: 2023-02-09T17:15:14.113