CVE-2022-44555

Published: Nov 9, 2022Modified: May 1, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.

Affected (6)

Products: Huawei: Harmonyos, Emui

2 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Huawei Harmonyos	Version 2.0
Huawei Harmonyos	Version 2.1
Huawei Harmonyos	Version 3.0.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Huawei Emui	Version 11.0.1
Huawei Emui	Version 12.0.0
Huawei Emui	Version 12.0.1

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (4)

https://consumer.huawei.com/en/support/bulletin/2022/11/

Source: psirt@huawei.com

Vendor Advisory

https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433

Source: psirt@huawei.com

Vendor Advisory

https://consumer.huawei.com/en/support/bulletin/2022/11/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.