Sign-up

ID

VAR-202204-0754


CVE

CVE-2022-22256


TITLE

plural  Huawei  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-008143

DESCRIPTION

The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. An attacker could exploit this vulnerability to cause unauthorized access

Trust: 1.8

sources: NVD: CVE-2022-22256 // JVNDB: JVNDB-2022-008143 // VULHUB: VHN-409785 // VULMON: CVE-2022-22256

AFFECTED PRODUCTS

vendor:huaweimodel:magic uiscope:eqversion:3.1.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.1

Trust: 1.0

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-008143 // NVD: CVE-2022-22256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22256
value: HIGH

Trust: 1.0

NVD: CVE-2022-22256
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-2017
value: HIGH

Trust: 0.6

VULHUB: VHN-409785
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-22256
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22256
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-409785
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22256
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-22256
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-409785 // VULMON: CVE-2022-22256 // JVNDB: JVNDB-2022-008143 // CNNVD: CNNVD-202204-2017 // NVD: CVE-2022-22256

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008143 // NVD: CVE-2022-22256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2017

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2017

PATCH

title:Huawei HarmonyOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190069

Trust: 0.6

sources: CNNVD: CNNVD-202204-2017

EXTERNAL IDS

db:NVDid:CVE-2022-22256

Trust: 3.4

db:JVNDBid:JVNDB-2022-008143

Trust: 0.8

db:CNNVDid:CNNVD-202204-2017

Trust: 0.6

db:CNVDid:CNVD-2022-44625

Trust: 0.1

db:VULHUBid:VHN-409785

Trust: 0.1

db:VULMONid:CVE-2022-22256

Trust: 0.1

sources: VULHUB: VHN-409785 // VULMON: CVE-2022-22256 // JVNDB: JVNDB-2022-008143 // CNNVD: CNNVD-202204-2017 // NVD: CVE-2022-22256

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/4/

Trust: 2.6

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22256

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-22256/

Trust: 0.6

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202204-0000001266901897

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-409785 // VULMON: CVE-2022-22256 // JVNDB: JVNDB-2022-008143 // CNNVD: CNNVD-202204-2017 // NVD: CVE-2022-22256

SOURCES

db:VULHUBid:VHN-409785
db:VULMONid:CVE-2022-22256
db:JVNDBid:JVNDB-2022-008143
db:CNNVDid:CNNVD-202204-2017
db:NVDid:CVE-2022-22256

LAST UPDATE DATE

2024-08-14T15:01:04.862000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-409785date:2022-04-19T00:00:00
db:VULMONid:CVE-2022-22256date:2022-04-19T00:00:00
db:JVNDBid:JVNDB-2022-008143date:2023-07-24T08:23:00
db:CNNVDid:CNNVD-202204-2017date:2022-04-20T00:00:00
db:NVDid:CVE-2022-22256date:2022-04-19T14:49:07.153

SOURCES RELEASE DATE

db:VULHUBid:VHN-409785date:2022-04-11T00:00:00
db:VULMONid:CVE-2022-22256date:2022-04-11T00:00:00
db:JVNDBid:JVNDB-2022-008143date:2023-07-24T00:00:00
db:CNNVDid:CNNVD-202204-2017date:2022-04-05T00:00:00
db:NVDid:CVE-2022-22256date:2022-04-11T20:15:19.657