CVE-2022-42488
Startup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
14 oct 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
OpenHarmony · OpenHarmony¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →