Details of VAR-202205-0481

ID

VAR-202205-0481

CVE

CVE-2022-29796

TITLE

Huawei of EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009625

DESCRIPTION

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system

Trust: 1.8

sources: NVD: CVE-2022-29796 // JVNDB: JVNDB-2022-009625 // VULHUB: VHN-421305 // VULMON: CVE-2022-29796

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009625 // NVD: CVE-2022-29796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-29796
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-29796
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202205-2548
value:	HIGH
Trust: 0.6
VULHUB:	VHN-421305
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-29796
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-421305
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-29796
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-29796
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-421305 // JVNDB: JVNDB-2022-009625 // CNNVD: CNNVD-202205-2548 // NVD: CVE-2022-29796

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009625 // NVD: CVE-2022-29796

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-2548

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-2548

PATCH

title:

HUAWEI HarmonyOS Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193769

Trust: 0.6

sources: CNNVD: CNNVD-202205-2548

EXTERNAL IDS

db:	NVD	id:	CVE-2022-29796	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009625	Trust: 0.8
db:	CNNVD	id:	CNNVD-202205-2548	Trust: 0.6
db:	CNVD	id:	CNVD-2022-53574	Trust: 0.1
db:	VULHUB	id:	VHN-421305	Trust: 0.1
db:	VULMON	id:	CVE-2022-29796	Trust: 0.1

sources: VULHUB: VHN-421305 // VULMON: CVE-2022-29796 // JVNDB: JVNDB-2022-009625 // CNNVD: CNNVD-202205-2548 // NVD: CVE-2022-29796

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/5/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29796	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-29796/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202205-0000001292610341	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-421305 // VULMON: CVE-2022-29796 // JVNDB: JVNDB-2022-009625 // CNNVD: CNNVD-202205-2548 // NVD: CVE-2022-29796

SOURCES

db:	VULHUB	id:	VHN-421305
db:	VULMON	id:	CVE-2022-29796
db:	JVNDB	id:	JVNDB-2022-009625
db:	CNNVD	id:	CNNVD-202205-2548
db:	NVD	id:	CVE-2022-29796

LAST UPDATE DATE

2024-08-14T15:21:49.925000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-421305	date:	2022-05-23T00:00:00
db:	VULMON	id:	CVE-2022-29796	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009625	date:	2023-08-07T08:13:00
db:	CNNVD	id:	CNNVD-202205-2548	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-29796	date:	2022-05-23T18:39:16.137

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-421305	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2022-29796	date:	2022-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-009625	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-2548	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-29796	date:	2022-05-13T15:15:10.080