Details of VAR-202205-0249

ID

VAR-202205-0249

CVE

CVE-2022-29791

TITLE

Huawei of EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009630

DESCRIPTION

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system

Trust: 1.8

sources: NVD: CVE-2022-29791 // JVNDB: JVNDB-2022-009630 // VULHUB: VHN-421300 // VULMON: CVE-2022-29791

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009630 // NVD: CVE-2022-29791

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29791
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29791
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-2546
value:	HIGH
Trust: 0.6
VULHUB:	VHN-421300
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29791
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-421300
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29791
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29791
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-421300 // JVNDB: JVNDB-2022-009630 // CNNVD: CNNVD-202205-2546 // NVD: CVE-2022-29791

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009630 // NVD: CVE-2022-29791

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2546

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2546

PATCH

title:

HUAWEI HarmonyOS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193767

Trust: 0.6

sources: CNNVD: CNNVD-202205-2546

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29791	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009630	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-2546	Trust: 0.6
db:	CNVD	id:	CNVD-2022-53575	Trust: 0.1
db:	VULHUB	id:	VHN-421300	Trust: 0.1
db:	VULMON	id:	CVE-2022-29791	Trust: 0.1

sources: VULHUB: VHN-421300 // VULMON: CVE-2022-29791 // JVNDB: JVNDB-2022-009630 // CNNVD: CNNVD-202205-2546 // NVD: CVE-2022-29791

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/5/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29791	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202205-0000001292610341	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-29791/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421300 // VULMON: CVE-2022-29791 // JVNDB: JVNDB-2022-009630 // CNNVD: CNNVD-202205-2546 // NVD: CVE-2022-29791

SOURCES

db:	VULHUB	id:	VHN-421300
db:	VULMON	id:	CVE-2022-29791
db:	JVNDB	id:	JVNDB-2022-009630
db:	CNNVD	id:	CNNVD-202205-2546
db:	NVD	id:	CVE-2022-29791

LAST UPDATE DATE

2024-08-14T15:06:24.125000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421300	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-29791	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009630	date:	2023-08-07T08:14:00
db:	CNNVD	id:	CNNVD-202205-2546	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-29791	date:	2022-05-23T18:42:20.940

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421300	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2022-29791	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009630	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-2546	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-29791	date:	2022-05-13T15:15:09.837