Lucene search
HistoryNov 09, 2022 - 9:15 p.m.
CVE-2022-44561
cve-2022-44561
permission verification
vulnerability
unauthorized apps
widgets
shortcuts
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
34.4%
The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction.
Affected configurations
Node
huaweiemuiMatch11.0.1
ORhuaweiemuiMatch12.0.0
ORhuaweiemuiMatch12.0.1
Node
huaweiharmonyosMatch2.0
ORhuaweiharmonyosMatch3.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| huawei:emui | huawei emui | eq | 11.0.1 |
| huawei:emui | huawei emui | eq | 12.0.0 |
| huawei:emui | huawei emui | eq | 12.0.1 |
CNA Affected
[
{
"vendor": "Huawei",
"product": "HarmonyOS",
"versions": [
{
"version": "2.0",
"status": "affected"
}
]
},
{
"vendor": "Huawei",
"product": "EMUI",
"versions": [
{
"version": "12.0.1",
"status": "affected"
},
{
"version": "12.0.0",
"status": "affected"
},
{
"version": "11.0.1",
"status": "affected"
}
]
}
]References
Social References
More
Related
prion
prion
Design/Logic Flaw
2022-11-09 21:15:00
nvd
nvd
CVE-2022-44561
2022-11-09 21:15:18
cvelist
cvelist
CVE-2022-44561
2022-11-09 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
34.4%
Related for CVE-2022-44561