Lucene search

HuaweiCVE-2022-37005

HistoryAug 10, 2022 - 8:16 p.m.

CVE-2022-37005

2022-08-1020:16:04

CWE-88

huawei

web.nvd.nist.gov

cve-2022-37005

settings application

argument injection

vulnerability

data confidentiality

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.5%

JSON

The Settings application has an argument injection vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.

Affected configurations

Nvd

Vulners

Node

huaweiemuiMatch10.1.1

huaweiemuiMatch11.0.0

huaweiemuiMatch11.0.1

huaweiemuiMatch12.0.0

huaweiharmonyosMatch2.0

huaweimagic_uiMatch3.1.1

huaweimagic_uiMatch4.0.0

VendorProductVersionCPE
huaweiemui10.1.1cpe:2.3:o:huawei:emui:10.1.1:*:*:*:*:*:*:*
huaweiemui11.0.0cpe:2.3:o:huawei:emui:11.0.0:*:*:*:*:*:*:*
huaweiemui11.0.1cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*
huaweiemui12.0.0cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.0cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*
huaweimagic_ui3.1.1cpe:2.3:o:huawei:magic_ui:3.1.1:*:*:*:*:*:*:*
huaweimagic_ui4.0.0cpe:2.3:o:huawei:magic_ui:4.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	emui	10.1.1	cpe:2.3:o:huawei:emui:10.1.1:::::::*
huawei	emui	11.0.0	cpe:2.3:o:huawei:emui:11.0.0:::::::*
huawei	emui	11.0.1	cpe:2.3:o:huawei:emui:11.0.1:::::::*
huawei	emui	12.0.0	cpe:2.3:o:huawei:emui:12.0.0:::::::*
huawei	harmonyos	2.0	cpe:2.3:o:huawei:harmonyos:2.0:::::::*
huawei	magic_ui	3.1.1	cpe:2.3:o:huawei:magic_ui:3.1.1:::::::*
huawei	magic_ui	4.0.0	cpe:2.3:o:huawei:magic_ui:4.0.0:::::::*

CNA Affected

[
  {
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  },
  {
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "12.0.0"
      },
      {
        "status": "affected",
        "version": "11.0.1"
      },
      {
        "status": "affected",
        "version": "11.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      }
    ]
  },
  {
    "product": "Magic UI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.1"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2022/8/

device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202208-0000001363876177

Social References

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

52.5%

JSON

Related for CVE-2022-37005