Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42488

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.

Published

2022-10-14T15:16:26.243

Last Modified

2024-11-21T07:25:03.680

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openharmony	openharmony	< 3.1.2	Yes

References

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md Third Party Advisory ([email protected])
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)