Vulnerabilities > CVE-2022-41596 - Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

huawei

CWE-502

NVD

Published: 2022-12-20

Updated: 2022-12-24

Summary

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Harmonyos - Huawei Harmonyos 2.0 Huawei Harmonyos 2.0.0 Huawei Harmonyos 2.0.1 Huawei Emui 11.0.1 Huawei Emui 12.0.0 Huawei Emui 12.0.1	7

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://consumer.huawei.com/en/support/bulletin/2022/12/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397