CVE-2022-43449

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenHarmony versions 3.1.2 and prior

Description The issue allows local attackers to install a malicious application on the device and reveal any file from the filesystem that is accessible to the download server service, which runs with UID 1000. This is achieved through an arbitrary file read vulnerability via the download server.

Recommendations For OpenHarmony versions 3.1.2 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-552

Related Identifiers

CVE-2022-43449

Affected Products

Openharmony

CVE-2022-43449

Weakness Enumeration

Related Identifiers

Affected Products

References · 5