Lucene search

HuaweiCVE-2022-38997

HistorySep 16, 2022 - 6:15 p.m.

CVE-2022-38997

2022-09-1618:15:17

huawei

web.nvd.nist.gov

cve-2022-38997

secure os

configuration defects

data confidentiality

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.5%

JSON

The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality.

Affected configurations

Nvd

Vulners

Node

huaweiemuiMatch10.1.0

huaweiemuiMatch10.1.1

huaweiemuiMatch11.0.0

huaweiemuiMatch12.0.0

huaweiharmonyosMatch2.0

huaweiharmonyosMatch2.1

huaweimagic_uiMatch3.1.0

huaweimagic_uiMatch3.1.1

huaweimagic_uiMatch4.0.0

VendorProductVersionCPE
huaweiemui10.1.0cpe:2.3:o:huawei:emui:10.1.0:*:*:*:*:*:*:*
huaweiemui10.1.1cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*
huaweiemui11.0.0cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*
huaweiemui12.0.0cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.0cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*
huaweiharmonyos2.1cpe:2.3:o:huawei:harmonyos:2.1:*:*:*:*:*:*:*
huaweimagic_ui3.1.0cpe:2.3:o:huawei:magic_ui:3.1.0:*:*:*:*:*:*:*
huaweimagic_ui3.1.1cpe:2.3:o:huawei:magic_ui:3.1.1:*:*:*:*:*:*:*
huaweimagic_ui4.0.0cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	emui	10.1.0	cpe:2.3:o:huawei:emui:10.1.0:::::::*
huawei	emui	10.1.1	cpe:2.3:o:huawei:emui:10.1.1:::::::*
huawei	emui	11.0.0	cpe:2.3:o:huawei:emui:11.0.0:::::::*
huawei	emui	12.0.0	cpe:2.3:o:huawei:emui:12.0.0:::::::*
huawei	harmonyos	2.0	cpe:2.3:o:huawei:harmonyos:2.0:::::::*
huawei	harmonyos	2.1	cpe:2.3:o:huawei:harmonyos:2.1:::::::*
huawei	magic_ui	3.1.0	cpe:2.3:o:huawei:magic_ui:3.1.0:::::::*
huawei	magic_ui	3.1.1	cpe:2.3:o:huawei:magic_ui:3.1.1:::::::*
huawei	magic_ui	4.0.0	cpe:2.3:o:huawei:magic_ui:4.0.0:::::::*

CNA Affected

[
  {
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      },
      {
        "status": "affected",
        "version": "2.1"
      }
    ]
  },
  {
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "12.0.0"
      },
      {
        "status": "affected",
        "version": "11.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      }
    ]
  },
  {
    "product": "Magic UI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.1"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2022/9/

device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202209-0000001392278845

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.5%

JSON

Related for CVE-2022-38997