Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-42463— Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ...

CVSS 8.3 · High EPSS 0.10% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-42463

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ...
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenHarmony 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenHarmony是中国OpenAtom Foundation基金会的一种鸿蒙操作系统的开源项目。 OpenHarmony v3.1.2及以前版本存在安全漏洞,该漏洞源于其通信子系统中Softbus_server的回调函数允许攻击者绕过身份认证实现向任何远程设备发送蓝牙rfcomm报文并执行任意命令来对分布式网络发起攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenHarmonyOpenHarmony OpenHarmony-v3.1.x-Release ~ 3.1.2 -

II. Public POCs for CVE-2022-42463

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-42463

登录查看更多情报信息。

Same Patch Batch · OpenHarmony · 2022-10-14 · 4 CVEs total

CVE-2022-424888.4 HIGHStartup subsystem missed permission validation in param service. An malicious application
CVE-2022-424646.7 MEDIUMKernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the p
CVE-2022-416865.1 MEDIUMOut-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends o

IV. Related Vulnerabilities

Same product: OpenHarmony
Same vendor: OpenHarmony
Same weakness: CWE-287

V. Comments for CVE-2022-42463

No comments yet

Leave a comment