exploitDog

CVE-2022-42463

Опубликовано: 14 окт. 2022

Источник: nvd

CVSS3: 8.3

CVSS3: 8.8

EPSS Низкий

Описание

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.

Ссылки

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md
Third Party Advisory
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*

Версия от 3.1 (включая) до 3.1.2 (включая)

EPSS

Процентиль: 28%

0.00103

Низкий

8.3 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-287

CWE-287

Связанные уязвимости

GHSA-j43q-9x66-wv6c

CVSS3: 8.8

github

больше 3 лет назад

OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.

EPSS

Процентиль: 28%

0.00103

Низкий

8.3 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-287

CWE-287