CVE-2022-38081

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
OpenHarmonyCNA
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
openharmonyopenharmony
3.1 ≤
𝑥
≤ 3.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-09.md