Sign-up

ID

VAR-202212-0613


CVE

CVE-2022-46313


TITLE

Huawei  of  HarmonyOS  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023886

DESCRIPTION

The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone. Huawei of HarmonyOS There is an authentication vulnerability in.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-46313 // JVNDB: JVNDB-2022-023886 // VULHUB: VHN-444283

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:3.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion:3.0.0

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023886 // NVD: CVE-2022-46313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46313
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-46313
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-2494
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-46313
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-46313
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023886 // CNNVD: CNNVD-202212-2494 // NVD: CVE-2022-46313

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-444283 // JVNDB: JVNDB-2022-023886 // NVD: CVE-2022-46313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2494

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202212-2494

PATCH

title:Huawei HarmonyOS Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=218950

Trust: 0.6

sources: CNNVD: CNNVD-202212-2494

EXTERNAL IDS

db:NVDid:CVE-2022-46313

Trust: 3.3

db:JVNDBid:JVNDB-2022-023886

Trust: 0.8

db:CNNVDid:CNNVD-202212-2494

Trust: 0.6

db:VULHUBid:VHN-444283

Trust: 0.1

sources: VULHUB: VHN-444283 // JVNDB: JVNDB-2022-023886 // CNNVD: CNNVD-202212-2494 // NVD: CVE-2022-46313

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-46313

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202212-0000001462975397

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-46313/

Trust: 0.6

sources: VULHUB: VHN-444283 // JVNDB: JVNDB-2022-023886 // CNNVD: CNNVD-202212-2494 // NVD: CVE-2022-46313

SOURCES

db:VULHUBid:VHN-444283
db:JVNDBid:JVNDB-2022-023886
db:CNNVDid:CNNVD-202212-2494
db:NVDid:CVE-2022-46313

LAST UPDATE DATE

2024-08-14T15:16:20.906000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-444283date:2022-12-24T00:00:00
db:JVNDBid:JVNDB-2022-023886date:2023-11-30T04:33:00
db:CNNVDid:CNNVD-202212-2494date:2022-12-26T00:00:00
db:NVDid:CVE-2022-46313date:2022-12-24T04:14:51.410

SOURCES RELEASE DATE

db:VULHUBid:VHN-444283date:2022-12-20T00:00:00
db:JVNDBid:JVNDB-2022-023886date:2023-11-30T00:00:00
db:CNNVDid:CNNVD-202212-2494date:2022-12-05T00:00:00
db:NVDid:CVE-2022-46313date:2022-12-20T21:15:11.300