PT-2022-17539 · Unknown · Wearable Manager Installer

H0Rd7

Published

2022-03-08

Updated

2022-03-16

CVE-2022-25814

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wearable Manager Installer versions prior to SMR Mar-2022 Release 1

Description The issue allows local attackers to perform unauthorized actions without permission by hijacking the PendingIntent. This can lead to exploitation where attackers gain access to perform actions that are not authorized.

Recommendations For versions prior to SMR Mar-2022 Release 1, update to SMR Mar-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Wearable Manager Installer to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2022-25814

Affected Products

Wearable Manager Installer

PT-2022-17539 · Unknown · Wearable Manager Installer

CVE-2022-25814

Weakness Enumeration

Related Identifiers

Affected Products

References · 4