Sign-up

ID

VAR-202209-0142


CVE

CVE-2022-39009


TITLE

Huawei  of  EMUI  and  HarmonyOS  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-017585

DESCRIPTION

The WLAN module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause third-party apps to affect WLAN functions. Huawei of EMUI and HarmonyOS There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-39009 // JVNDB: JVNDB-2022-017585 // VULHUB: VHN-434776 // VULMON: CVE-2022-39009

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion:2.1

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-017585 // NVD: CVE-2022-39009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-39009
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-39009
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202209-159
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-39009
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-39009
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-017585 // CNNVD: CNNVD-202209-159 // NVD: CVE-2022-39009

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-434776 // JVNDB: JVNDB-2022-017585 // NVD: CVE-2022-39009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-159

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202209-159

PATCH

title:Huawei HarmonyOS Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=208614

Trust: 0.6

sources: CNNVD: CNNVD-202209-159

EXTERNAL IDS

db:NVDid:CVE-2022-39009

Trust: 3.4

db:JVNDBid:JVNDB-2022-017585

Trust: 0.8

db:CNNVDid:CNNVD-202209-159

Trust: 0.6

db:VULHUBid:VHN-434776

Trust: 0.1

db:VULMONid:CVE-2022-39009

Trust: 0.1

sources: VULHUB: VHN-434776 // VULMON: CVE-2022-39009 // JVNDB: JVNDB-2022-017585 // CNNVD: CNNVD-202209-159 // NVD: CVE-2022-39009

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/9/

Trust: 2.6

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-39009

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202209-0000001392078921

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-39009/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-434776 // VULMON: CVE-2022-39009 // JVNDB: JVNDB-2022-017585 // CNNVD: CNNVD-202209-159 // NVD: CVE-2022-39009

SOURCES

db:VULHUBid:VHN-434776
db:VULMONid:CVE-2022-39009
db:JVNDBid:JVNDB-2022-017585
db:CNNVDid:CNNVD-202209-159
db:NVDid:CVE-2022-39009

LAST UPDATE DATE

2024-08-14T14:10:35.195000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-434776date:2022-09-21T00:00:00
db:VULMONid:CVE-2022-39009date:2022-09-16T00:00:00
db:JVNDBid:JVNDB-2022-017585date:2023-10-13T08:43:00
db:CNNVDid:CNNVD-202209-159date:2022-09-22T00:00:00
db:NVDid:CVE-2022-39009date:2022-09-21T14:03:03.557

SOURCES RELEASE DATE

db:VULHUBid:VHN-434776date:2022-09-16T00:00:00
db:VULMONid:CVE-2022-39009date:2022-09-16T00:00:00
db:JVNDBid:JVNDB-2022-017585date:2023-10-13T00:00:00
db:CNNVDid:CNNVD-202209-159date:2022-09-05T00:00:00
db:NVDid:CVE-2022-39009date:2022-09-16T18:15:18.250