Details of VAR-202205-0115

ID

VAR-202205-0115

CVE

CVE-2022-29792

TITLE

Huawei of EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009629

DESCRIPTION

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in the HUAWEI HarmonyOS security component

Trust: 1.8

sources: NVD: CVE-2022-29792 // JVNDB: JVNDB-2022-009629 // VULHUB: VHN-421301 // VULMON: CVE-2022-29792

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009629 // NVD: CVE-2022-29792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29792
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29792
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-2550
value:	HIGH
Trust: 0.6
VULHUB:	VHN-421301
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29792
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-421301
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29792
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29792
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-421301 // JVNDB: JVNDB-2022-009629 // CNNVD: CNNVD-202205-2550 // NVD: CVE-2022-29792

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009629 // NVD: CVE-2022-29792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2550

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2550

PATCH

title:

HUAWEI HarmonyOS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193771

Trust: 0.6

sources: CNNVD: CNNVD-202205-2550

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29792	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009629	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-2550	Trust: 0.6
db:	CNVD	id:	CNVD-2022-50634	Trust: 0.1
db:	VULHUB	id:	VHN-421301	Trust: 0.1
db:	VULMON	id:	CVE-2022-29792	Trust: 0.1

sources: VULHUB: VHN-421301 // VULMON: CVE-2022-29792 // JVNDB: JVNDB-2022-009629 // CNNVD: CNNVD-202205-2550 // NVD: CVE-2022-29792

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/5/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29792	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202205-0000001292610341	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29792/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421301 // VULMON: CVE-2022-29792 // JVNDB: JVNDB-2022-009629 // CNNVD: CNNVD-202205-2550 // NVD: CVE-2022-29792

SOURCES

db:	VULHUB	id:	VHN-421301
db:	VULMON	id:	CVE-2022-29792
db:	JVNDB	id:	JVNDB-2022-009629
db:	CNNVD	id:	CNNVD-202205-2550
db:	NVD	id:	CVE-2022-29792

LAST UPDATE DATE

2024-08-14T14:02:40.527000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421301	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-29792	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009629	date:	2023-08-07T08:14:00
db:	CNNVD	id:	CNNVD-202205-2550	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-29792	date:	2022-05-23T18:41:49.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421301	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2022-29792	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009629	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-2550	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-29792	date:	2022-05-13T15:15:09.887