Details of VAR-202210-0284

ID

VAR-202210-0284

CVE

CVE-2022-41576

TITLE

Huawei of EMUI and HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-018796

DESCRIPTION

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-41576 // JVNDB: JVNDB-2022-018796 // VULHUB: VHN-437801

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-018796 // NVD: CVE-2022-41576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-41576
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-41576
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202210-177
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-41576
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-41576
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-018796 // CNNVD: CNNVD-202210-177 // NVD: CVE-2022-41576

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-018796 // NVD: CVE-2022-41576

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-177

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-177

PATCH

title:

Huawei HarmonyOS Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210795

Trust: 0.6

sources: CNNVD: CNNVD-202210-177

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41576	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-018796	Trust: 0.8
db:	CNNVD	id:	CNNVD-202210-177	Trust: 0.6
db:	VULHUB	id:	VHN-437801	Trust: 0.1

sources: VULHUB: VHN-437801 // JVNDB: JVNDB-2022-018796 // CNNVD: CNNVD-202210-177 // NVD: CVE-2022-41576

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/10/	Trust: 2.5
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-41576	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-41576/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202210-0000001416375445	Trust: 0.6

sources: VULHUB: VHN-437801 // JVNDB: JVNDB-2022-018796 // CNNVD: CNNVD-202210-177 // NVD: CVE-2022-41576

SOURCES

db:	VULHUB	id:	VHN-437801
db:	JVNDB	id:	JVNDB-2022-018796
db:	CNNVD	id:	CNNVD-202210-177
db:	NVD	id:	CVE-2022-41576

LAST UPDATE DATE

2024-08-14T15:21:35.917000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-437801	date:	2022-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-018796	date:	2023-10-23T08:11:00
db:	CNNVD	id:	CNNVD-202210-177	date:	2022-10-17T00:00:00
db:	NVD	id:	CVE-2022-41576	date:	2022-10-15T01:50:36.447

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-437801	date:	2022-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2022-018796	date:	2023-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202210-177	date:	2022-10-05T00:00:00
db:	NVD	id:	CVE-2022-41576	date:	2022-10-14T16:15:20.110