Details of VAR-202205-0438

ID

VAR-202205-0438

CVE

CVE-2022-22261

TITLE

Huawei of EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009671

DESCRIPTION

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a denial of service vulnerability in the HUAWEI HarmonyOS AI business component. The vulnerability is due to the fact that hiaiserver does not perform strict legality verification on the weights in the model

Trust: 1.8

sources: NVD: CVE-2022-22261 // JVNDB: JVNDB-2022-009671 // VULHUB: VHN-409790 // VULMON: CVE-2022-22261

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009671 // NVD: CVE-2022-22261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22261
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22261
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-2545
value:	HIGH
Trust: 0.6
VULHUB:	VHN-409790
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-22261
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22261
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-409790
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22261
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22261
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-409790 // VULMON: CVE-2022-22261 // JVNDB: JVNDB-2022-009671 // CNNVD: CNNVD-202205-2545 // NVD: CVE-2022-22261

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009671 // NVD: CVE-2022-22261

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2545

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2545

PATCH

title:	HUAWEI HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193766	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-22261 // CNNVD: CNNVD-202205-2545

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22261	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009671	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-2545	Trust: 0.6
db:	CNVD	id:	CNVD-2022-41787	Trust: 0.1
db:	VULHUB	id:	VHN-409790	Trust: 0.1
db:	VULMON	id:	CVE-2022-22261	Trust: 0.1

sources: VULHUB: VHN-409790 // VULMON: CVE-2022-22261 // JVNDB: JVNDB-2022-009671 // CNNVD: CNNVD-202205-2545 // NVD: CVE-2022-22261

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/5/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22261	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202205-0000001292610341	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22261/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-409790 // VULMON: CVE-2022-22261 // JVNDB: JVNDB-2022-009671 // CNNVD: CNNVD-202205-2545 // NVD: CVE-2022-22261

SOURCES

db:	VULHUB	id:	VHN-409790
db:	VULMON	id:	CVE-2022-22261
db:	JVNDB	id:	JVNDB-2022-009671
db:	CNNVD	id:	CNNVD-202205-2545
db:	NVD	id:	CVE-2022-22261

LAST UPDATE DATE

2024-08-14T15:06:23.677000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-409790	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-22261	date:	2022-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-009671	date:	2023-08-07T08:15:00
db:	CNNVD	id:	CNNVD-202205-2545	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-22261	date:	2022-05-23T18:43:51.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-409790	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2022-22261	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009671	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-2545	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-22261	date:	2022-05-13T15:15:08.840