Vulnerabilities > CVE-2023-26547 - Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-502

NVD

Published: 2023-03-27

Updated: 2023-04-03

Summary

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Harmonyos 2.0 Huawei Harmonyos 2.1 Huawei Harmonyos 3.0.0 Huawei Harmonyos 2.0.1 Huawei Harmonyos 3.1.0 Huawei Emui 11.0.1 Huawei Emui 12.0.0 Huawei Emui 12.0.1 Huawei Emui 13.0.0	9

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505
https://consumer.huawei.com/en/support/bulletin/2023/3/