CVE-2022-48518

EPSS 0.1%CWE-701

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

06 jul 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

Productos afectados

Huawei · EMUI Huawei · HarmonyOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://consumer.huawei.com/en/support/bulletin/2023/7/https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858