CVE-2022-45877

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*

History

07 Jul 2023, 19:02

Type	Values Removed	Values Added
CWE	~~CWE-287~~	CWE-319

12 Dec 2022, 17:51

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-12-08 16:15

Updated : 2024-02-05 15:02

NVD link : CVE-2022-45877

Mitre link : CVE-2022-45877

CVE.ORG link : CVE-2022-45877

JSON object : View

Products Affected

openharmony

openharmony

CWE

CWE-319

Cleartext Transmission of Sensitive Information

CWE-287

Improper Authentication

{"id": "CVE-2022-45877", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "scy@openharmony.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.8}]}, "published": "2022-12-08T16:15:14.787", "references": [{"url": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md", "tags": ["Third Party Advisory"], "source": "scy@openharmony.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "scy@openharmony.io", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks."}, {"lang": "es", "value": "OpenHarmony-v3.1.4 y versiones anteriores ten\u00edan una vulnerabilidad. El c\u00f3digo PIN se transmite al dispositivo par en texto plano durante la autenticaci\u00f3n entre dispositivos, lo que reduce la dificultad de los ataques de intermediario."}], "lastModified": "2023-07-07T19:02:46.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2976685D-D374-45B2-AC0B-0045B4C19959", "versionEndIncluding": "3.1.4", "versionStartIncluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "scy@openharmony.io"}