CVE-2022-42488: Startup subsystem missed permission validation in param service. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
First published: Fri Oct 14 2022(Updated: )
OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services.
Credit: scy@openharmony.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openharmony Openharmony | >=3.1<3.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the Missing permission validation vulnerability in OpenHarmony?
The vulnerability is identified as CVE-2022-42488.
What is the severity of CVE-2022-42488?
The severity of CVE-2022-42488 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2022-42488?
OpenHarmony-v3.1.2 and prior versions are affected by CVE-2022-42488.
What is the impact of CVE-2022-42488?
An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause Denial of Service (DoS) by disabling particular services.
Is there a fix available for CVE-2022-42488?
It is recommended to update to OpenHarmony version 3.1.2 or higher to fix the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/openharmony
- canonical/openharmony openharmony
- version/openharmony openharmony/3.1