Details of VAR-202206-0869

ID

VAR-202206-0869

CVE

CVE-2022-31761

TITLE

Huawei of EMUI and Magic UI Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011278

DESCRIPTION

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. Huawei of EMUI and Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI EMUI is a mobile operating system developed by China Huawei (HUAWEI) based on Android. There is a security vulnerability in HUAWEI EMUI. Attackers can exploit this vulnerability to obtain system secrets. 1. Magic UI 4.0.0

Trust: 1.8

sources: NVD: CVE-2022-31761 // JVNDB: JVNDB-2022-011278 // VULHUB: VHN-423594 // VULMON: CVE-2022-31761

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011278 // NVD: CVE-2022-31761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-31761
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-31761
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202206-1173
value:	HIGH
Trust: 0.6
VULHUB:	VHN-423594
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-31761
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-423594
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-31761
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-31761
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-423594 // JVNDB: JVNDB-2022-011278 // CNNVD: CNNVD-202206-1173 // NVD: CVE-2022-31761

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-011278 // NVD: CVE-2022-31761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1173

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1173

PATCH

title:

HUAWEI EMUI Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196787

Trust: 0.6

sources: CNNVD: CNNVD-202206-1173

EXTERNAL IDS

db:	NVD	id:	CVE-2022-31761	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011278	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-1173	Trust: 0.7
db:	CNVD	id:	CNVD-2022-47647	Trust: 0.1
db:	VULHUB	id:	VHN-423594	Trust: 0.1
db:	VULMON	id:	CVE-2022-31761	Trust: 0.1

sources: VULHUB: VHN-423594 // VULMON: CVE-2022-31761 // JVNDB: JVNDB-2022-011278 // CNNVD: CNNVD-202206-1173 // NVD: CVE-2022-31761

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/6/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31761	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-31761/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-423594 // VULMON: CVE-2022-31761 // JVNDB: JVNDB-2022-011278 // CNNVD: CNNVD-202206-1173 // NVD: CVE-2022-31761

SOURCES

db:	VULHUB	id:	VHN-423594
db:	VULMON	id:	CVE-2022-31761
db:	JVNDB	id:	JVNDB-2022-011278
db:	CNNVD	id:	CNNVD-202206-1173
db:	NVD	id:	CVE-2022-31761

LAST UPDATE DATE

2024-08-14T14:55:26.293000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-423594	date:	2022-06-18T00:00:00
db:	VULMON	id:	CVE-2022-31761	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-011278	date:	2023-08-21T08:18:00
db:	CNNVD	id:	CNNVD-202206-1173	date:	2022-06-20T00:00:00
db:	NVD	id:	CVE-2022-31761	date:	2022-06-18T03:13:57.547

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-423594	date:	2022-06-13T00:00:00
db:	VULMON	id:	CVE-2022-31761	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-011278	date:	2023-08-21T00:00:00
db:	CNNVD	id:	CNNVD-202206-1173	date:	2022-06-13T00:00:00
db:	NVD	id:	CVE-2022-31761	date:	2022-06-13T16:15:08.820