CVE-2022-48518 - Vulnerability Details - OpenCVE

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Huawei	Emui Harmonyos

Configuration 1 [-]

OR	cpe:2.3:o:huawei:emui:12.0.0:::::::*
	cpe:2.3:o:huawei:emui:12.0.1:::::::*
	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.0.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-51214	Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2023/7/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858

History

Tue, 19 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2023-07-06T12:53:19.166Z

Updated: 2024-11-19T16:57:33.457Z

Reserved: 2023-06-29T11:23:50.334Z

Link: CVE-2022-48518

Vulnrichment

Updated: 2024-08-03T15:17:54.788Z

NVD

Status : Modified

Published: 2023-07-06T13:15:10.563

Modified: 2024-11-21T07:33:29.100

Link: CVE-2022-48518

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-48518", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2023-06-29T11:23:50.334Z", "datePublished": "2023-07-06T12:53:19.166Z", "dateUpdated": "2024-11-19T16:57:33.457Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "2.0.1"}]}, {"defaultStatus": "unaffected", "product": "EMUI", "vendor": "Huawei", "versions": [{"status": "affected", "version": "12.0.0"}, {"status": "affected", "version": "12.0.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance."}], "value": "Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-701", "description": "CWE-701 Weaknesses Introduced During Design", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2023-07-06T12:53:19.166Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:54.788Z"}, "title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", "tags": ["x_transferred"]}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-19T16:57:25.783538Z", "id": "CVE-2022-48518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T16:57:33.457Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/", "tags": ["x_transferred"]}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:17:54.788Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-48518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-19T16:57:25.783538Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-19T16:57:29.884Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "2.0.1"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "12.0.0"}, {"status": "affected", "version": "12.0.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-701", "description": "CWE-701 Weaknesses Introduced During Design"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2023-07-06T12:53:19.166Z"}}}, "cveMetadata": {"cveId": "CVE-2022-48518", "state": "PUBLISHED", "dateUpdated": "2024-11-19T16:57:33.457Z", "dateReserved": "2023-06-29T11:23:50.334Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2023-07-06T12:53:19.166Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance."}], "id": "CVE-2022-48518", "lastModified": "2024-11-21T07:33:29.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-06T13:15:10.563", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2023/7/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-701"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}