CVE-2021-22294 - A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may expl

CVE-2021-22294

Summary

A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.

References

https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2021/2021-03.md

Vulnerable Configurations

cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*
cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 09-03-2021 - 14:18)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

Last major update

09-03-2021 - 14:18

Published

02-03-2021 - 19:15

Last modified

09-03-2021 - 14:18