Details of VAR-202211-0461

ID

VAR-202211-0461

CVE

CVE-2022-44556

TITLE

Huawei of EMUI and HarmonyOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020502

DESCRIPTION

Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and HarmonyOS There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-44556 // JVNDB: JVNDB-2022-020502 // VULHUB: VHN-441944

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020502 // NVD: CVE-2022-44556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-44556
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-44556
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202211-2335
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-44556
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2022-44556
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020502 // CNNVD: CNNVD-202211-2335 // NVD: CVE-2022-44556

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-441944 // JVNDB: JVNDB-2022-020502 // NVD: CVE-2022-44556

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2335

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202211-2335

PATCH

title:

Huawei EMUI Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=213747

Trust: 0.6

sources: CNNVD: CNNVD-202211-2335

EXTERNAL IDS

db:	NVD	id:	CVE-2022-44556	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-020502	Trust: 0.8
db:	CNNVD	id:	CNNVD-202211-2335	Trust: 0.6
db:	VULHUB	id:	VHN-441944	Trust: 0.1

sources: VULHUB: VHN-441944 // JVNDB: JVNDB-2022-020502 // CNNVD: CNNVD-202211-2335 // NVD: CVE-2022-44556

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/11/	Trust: 2.5
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-44556	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-44556/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202212-0000001462975397	Trust: 0.6

sources: VULHUB: VHN-441944 // JVNDB: JVNDB-2022-020502 // CNNVD: CNNVD-202211-2335 // NVD: CVE-2022-44556

SOURCES

db:	VULHUB	id:	VHN-441944
db:	JVNDB	id:	JVNDB-2022-020502
db:	CNNVD	id:	CNNVD-202211-2335
db:	NVD	id:	CVE-2022-44556

LAST UPDATE DATE

2024-08-14T14:24:27.826000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-441944	date:	2023-03-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-020502	date:	2023-11-02T08:02:00
db:	CNNVD	id:	CNNVD-202211-2335	date:	2022-12-27T00:00:00
db:	NVD	id:	CVE-2022-44556	date:	2023-11-07T03:54:19.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-441944	date:	2022-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-020502	date:	2023-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202211-2335	date:	2022-11-08T00:00:00
db:	NVD	id:	CVE-2022-44556	date:	2022-11-08T18:15:11.483