Vulnerabilities > CVE-2022-42488 - Missing Authorization vulnerability in Openharmony 3.1/3.1.1/3.1.2

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
openharmony
CWE-862

Summary

OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.

Vulnerable Configurations

Part Description Count
Application
Openharmony
9

Common Weakness Enumeration (CWE)