Sign-up

ID

VAR-202212-0584


CVE

CVE-2022-41590


TITLE

HarmonyOS  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003426

DESCRIPTION

Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability. HarmonyOS There is an authentication vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-41590 // JVNDB: JVNDB-2022-003426 // VULHUB: VHN-437826

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-003426 // NVD: CVE-2022-41590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41590
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-41590
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-2512
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-41590
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-41590
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-003426 // CNNVD: CNNVD-202212-2512 // NVD: CVE-2022-41590

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-437826 // JVNDB: JVNDB-2022-003426 // NVD: CVE-2022-41590

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2512

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202212-2512

PATCH

title:security-bulletins-202212-0000001462975397url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397

Trust: 0.8

title:Huawei HarmonyOS Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=219373

Trust: 0.6

sources: JVNDB: JVNDB-2022-003426 // CNNVD: CNNVD-202212-2512

EXTERNAL IDS

db:NVDid:CVE-2022-41590

Trust: 3.3

db:JVNDBid:JVNDB-2022-003426

Trust: 0.8

db:CNNVDid:CNNVD-202212-2512

Trust: 0.6

db:VULHUBid:VHN-437826

Trust: 0.1

sources: VULHUB: VHN-437826 // JVNDB: JVNDB-2022-003426 // CNNVD: CNNVD-202212-2512 // NVD: CVE-2022-41590

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-41590

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-41590/

Trust: 0.6

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202212-0000001462975397

Trust: 0.6

sources: VULHUB: VHN-437826 // JVNDB: JVNDB-2022-003426 // CNNVD: CNNVD-202212-2512 // NVD: CVE-2022-41590

SOURCES

db:VULHUBid:VHN-437826
db:JVNDBid:JVNDB-2022-003426
db:CNNVDid:CNNVD-202212-2512
db:NVDid:CVE-2022-41590

LAST UPDATE DATE

2024-08-14T14:49:28.873000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-437826date:2022-12-29T00:00:00
db:JVNDBid:JVNDB-2022-003426date:2023-02-17T01:48:00
db:CNNVDid:CNNVD-202212-2512date:2022-12-30T00:00:00
db:NVDid:CVE-2022-41590date:2022-12-29T18:47:59.580

SOURCES RELEASE DATE

db:VULHUBid:VHN-437826date:2022-12-20T00:00:00
db:JVNDBid:JVNDB-2022-003426date:2023-02-17T00:00:00
db:CNNVDid:CNNVD-202212-2512date:2022-12-05T00:00:00
db:NVDid:CVE-2022-41590date:2022-12-20T21:15:10.807