CVE-2022-37003

Description

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Huawei / EMUI12.0.0 – 12.0.0
Huawei / EMUI11.0.0 – 11.0.0
Huawei / HarmonyOS2.0 – 2.0
Huawei / Magic UI4.0.0 – 4.0.0

References

MISChttps://consumer.huawei.com/en/support/bulletin/2022/8/
MISChttps://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177