CVE-2022-48518

MEDIUM

Huawei EMUI and HarmonyOS - Improper Initialization in Signature Verification

Title source: llm

Description

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

References (2)

Core 2

Core References

Vendor Advisory

https://consumer.huawei.com/en/support/bulletin/2023/7/

Vendor Advisory

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-665 CWE-701

Status published

Products (4)

huawei/emui 12.0.0

huawei/emui 12.0.1

huawei/harmonyos 2.0.0

huawei/harmonyos 2.0.1

Published Jul 06, 2023

Tracked Since Feb 18, 2026