Описание
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-701
CWE-665
Связанные уязвимости
CVSS3: 5.5
github
больше 2 лет назад
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.
EPSS
Процентиль: 8%
0.00029
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-701
CWE-665