Arbitrary File Read Vulnerability in OpenHarmony-v3.1.2 and Prior Versions via download_server

Arbitrary File Read Vulnerability in OpenHarmony-v3.1.2 and Prior Versions via download_server

CVE-2022-43449 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

Learn more about our Cis Benchmark Audit For Server Software.