Vulnerabilities > CVE-2023-26547 - Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 9 |
Common Weakness Enumeration (CWE)
References
- https://consumer.huawei.com/en/support/bulletin/2023/3/
- https://consumer.huawei.com/en/support/bulletin/2023/3/
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505
- https://device.harmonyos.com/en/docs/security/update/security-bulletins-202303-0000001529824505