What is the severity of CVE-2022-48518?

The severity of CVE-2022-48518 is considered high due to the potential for malicious applications to start without user consent.

How do I fix CVE-2022-48518?

To fix CVE-2022-48518, update affected devices to the latest patches provided by Huawei for EMUI and HarmonyOS.

Which versions are affected by CVE-2022-48518?

CVE-2022-48518 affects Huawei EMUI versions 12.0.0 and 12.0.1, as well as HarmonyOS versions 2.0.0 and 2.0.1.

What type of vulnerability is CVE-2022-48518?

CVE-2022-48518 is a vulnerability related to signature verification in the iaware system.

What could happen if CVE-2022-48518 is exploited?

If exploited, CVE-2022-48518 may allow malicious apps to launch at system startup by spoofing trusted app package names.

Vulnerability/
CVE-2022-48518

medium

5.5

CWE

665 701

6/7/2023

19/11/2024

CVE-2022-48518

First published: Thu Jul 06 2023(Updated: )

Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.

Credit: psirt@huawei.com

Affected Software	Affected Version	How to fix
Huawei EMUI	=12.0.0
Huawei EMUI	=12.0.1
Huawei HarmonyOS	=2.0.0
Huawei HarmonyOS	=2.0.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-48518?
The severity of CVE-2022-48518 is considered high due to the potential for malicious applications to start without user consent.
How do I fix CVE-2022-48518?
To fix CVE-2022-48518, update affected devices to the latest patches provided by Huawei for EMUI and HarmonyOS.
Which versions are affected by CVE-2022-48518?
CVE-2022-48518 affects Huawei EMUI versions 12.0.0 and 12.0.1, as well as HarmonyOS versions 2.0.0 and 2.0.1.
What type of vulnerability is CVE-2022-48518?
CVE-2022-48518 is a vulnerability related to signature verification in the iaware system.
What could happen if CVE-2022-48518 is exploited?
If exploited, CVE-2022-48518 may allow malicious apps to launch at system startup by spoofing trusted app package names.

agent/references
agent/weakness
agent/type
agent/softwarecombine
agent/author
agent/severity
agent/first-publish-date
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/huawei
canonical/huawei emui
version/huawei emui/12.0.0
version/huawei emui/12.0.1
canonical/huawei harmonyos
version/huawei harmonyos/2.0.0
version/huawei harmonyos/2.0.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.