ID

VAR-202211-0676


CVE

CVE-2022-44548


TITLE

Huawei  of  HarmonyOS  and  EMUI  Vulnerability regarding improper default permissions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-020505

DESCRIPTION

There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. Huawei of HarmonyOS and EMUI There is a vulnerability in improper default permissions.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-44548 // JVNDB: JVNDB-2022-020505 // VULHUB: VHN-441928

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:12.0.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion:2.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020505 // NVD: CVE-2022-44548

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-44548
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-44548
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2131
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-44548
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-44548
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020505 // CNNVD: CNNVD-202211-2131 // NVD: CVE-2022-44548

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

problemtype:Inappropriate default permissions (CWE-276) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-441928 // JVNDB: JVNDB-2022-020505 // NVD: CVE-2022-44548

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202211-2131

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2131

PATCH

title:Huawei HarmonyOS Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213635

Trust: 0.6

sources: CNNVD: CNNVD-202211-2131

EXTERNAL IDS

db:NVDid:CVE-2022-44548

Trust: 3.3

db:JVNDBid:JVNDB-2022-020505

Trust: 0.8

db:CNNVDid:CNNVD-202211-2131

Trust: 0.6

db:VULHUBid:VHN-441928

Trust: 0.1

sources: VULHUB: VHN-441928 // JVNDB: JVNDB-2022-020505 // CNNVD: CNNVD-202211-2131 // NVD: CVE-2022-44548

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/11/

Trust: 2.5

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202211-0000001441016433

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-44548

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202211-0000001440896653

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-44548/

Trust: 0.6

sources: VULHUB: VHN-441928 // JVNDB: JVNDB-2022-020505 // CNNVD: CNNVD-202211-2131 // NVD: CVE-2022-44548

SOURCES

db:VULHUBid:VHN-441928
db:JVNDBid:JVNDB-2022-020505
db:CNNVDid:CNNVD-202211-2131
db:NVDid:CVE-2022-44548

LAST UPDATE DATE

2024-08-14T14:10:29.952000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-441928date:2022-11-10T00:00:00
db:JVNDBid:JVNDB-2022-020505date:2023-11-02T08:02:00
db:CNNVDid:CNNVD-202211-2131date:2022-11-14T00:00:00
db:NVDid:CVE-2022-44548date:2022-11-10T13:54:39.160

SOURCES RELEASE DATE

db:VULHUBid:VHN-441928date:2022-11-09T00:00:00
db:JVNDBid:JVNDB-2022-020505date:2023-11-02T00:00:00
db:CNNVDid:CNNVD-202211-2131date:2022-11-05T00:00:00
db:NVDid:CVE-2022-44548date:2022-11-09T21:15:18.067