Main Vulnerability Database Vulnerabilities #VU61944

#VU61944 Improper Authentication in FLMG-10 - CVE-2022-22259

Published: April 7, 2022

Vulnerability identifier: #VU61944

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-22259

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
FLMG-10

Software vendor:
Huawei

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to improper authentication issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders and gain unauthorized access to the device.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220406-01-bdb62b17-en