Malicious App Management Flaw in iAware Module by Huawei
CVE-2022-39000

9.8CRITICAL

Key Information:

Vendor: Huawei
Status: Harmonyos; Emui; Magic Ui
Vendor: CVE Published:; 16 September 2022

Summary

The iAware module developed by Huawei contains a security flaw that compromises the management of malicious applications. Exploiting this vulnerability allows a malicious app to automatically execute during system startup, potentially putting user data and device integrity at risk. This security issue necessitates immediate attention from users to mitigate potential threats and maintain device security.

Affected Version(s)

EMUI 12.0.0

EMUI 11.0.1

EMUI 11.0.0

References

https://device.harmonyos.com/en/docs/security/update/secu...

x_refsource_MISC

https://consumer.huawei.com/en/support/bulletin/2022/9/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Aug 29, 2022