Details of VAR-202204-1291

ID

VAR-202204-1291

CVE

CVE-2022-22254

TITLE

plural Huawei Fraudulent Authentication Vulnerability in Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-008144

DESCRIPTION

A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in a fraudulent authentication vulnerability.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has an authorization issue vulnerability. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products. An attacker could exploit this vulnerability to cause unauthorized access

Trust: 1.8

sources: NVD: CVE-2022-22254 // JVNDB: JVNDB-2022-008144 // VULHUB: VHN-409783 // VULMON: CVE-2022-22254

AFFECTED PRODUCTS

vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-008144 // NVD: CVE-2022-22254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22254
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22254
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-2034
value:	HIGH
Trust: 0.6
VULHUB:	VHN-409783
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22254
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22254
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-409783
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22254
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22254
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-409783 // VULMON: CVE-2022-22254 // JVNDB: JVNDB-2022-008144 // CNNVD: CNNVD-202204-2034 // NVD: CVE-2022-22254

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-409783 // JVNDB: JVNDB-2022-008144 // NVD: CVE-2022-22254

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2034

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2034

PATCH

title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190070	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22254 // CNNVD: CNNVD-202204-2034

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22254	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-008144	Trust: 0.8
db:	CNNVD	id:	CNNVD-202204-2034	Trust: 0.6
db:	CNVD	id:	CNVD-2022-44622	Trust: 0.1
db:	VULHUB	id:	VHN-409783	Trust: 0.1
db:	VULMON	id:	CVE-2022-22254	Trust: 0.1

sources: VULHUB: VHN-409783 // VULMON: CVE-2022-22254 // JVNDB: JVNDB-2022-008144 // CNNVD: CNNVD-202204-2034 // NVD: CVE-2022-22254

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/4/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22254	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202204-0000001266901897	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22254/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-409783 // VULMON: CVE-2022-22254 // JVNDB: JVNDB-2022-008144 // CNNVD: CNNVD-202204-2034 // NVD: CVE-2022-22254

SOURCES

db:	VULHUB	id:	VHN-409783
db:	VULMON	id:	CVE-2022-22254
db:	JVNDB	id:	JVNDB-2022-008144
db:	CNNVD	id:	CNNVD-202204-2034
db:	NVD	id:	CVE-2022-22254

LAST UPDATE DATE

2024-08-14T14:49:51.671000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409783	date:	2022-04-19T00:00:00
db:	VULMON	id:	CVE-2022-22254	date:	2023-08-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-008144	date:	2023-07-24T08:23:00
db:	CNNVD	id:	CNNVD-202204-2034	date:	2022-04-20T00:00:00
db:	NVD	id:	CVE-2022-22254	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409783	date:	2022-04-11T00:00:00
db:	VULMON	id:	CVE-2022-22254	date:	2022-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-008144	date:	2023-07-24T00:00:00
db:	CNNVD	id:	CNNVD-202204-2034	date:	2022-04-05T00:00:00
db:	NVD	id:	CVE-2022-22254	date:	2022-04-11T20:15:19.567