ID

VAR-202210-0956


CVE

CVE-2022-42463


TITLE

Authentication vulnerability in OpenHarmony

Trust: 0.8

sources: JVNDB: JVNDB-2022-018745

DESCRIPTION

OpenHarmony-v3.1.2 and prior versions have an authentication bypass vulnerability in a callback handler function of Softbus_server in the communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. OpenHarmony contains an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.62

sources: NVD: CVE-2022-42463 // JVNDB: JVNDB-2022-018745

IOT TAXONOMY

category: ['other device'], sub_category: IoT device with OpenHarmony

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: openharmony, model: openharmony, scope: gte, version: 3.1

Trust: 1.0

vendor: openharmony, model: openharmony, scope: lte, version: 3.1.2

Trust: 1.0

vendor: openharmony, model: openharmony, scope: eq, version: -

Trust: 0.8

vendor: openharmony, model: openharmony, scope: eq, version: 3.1 to 3.1.2

Trust: 0.8

vendor: openharmony, model: openharmony, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018745 // NVD: CVE-2022-42463

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-42463
value: HIGH

Trust: 1.0

scy@openharmony.io: CVE-2022-42463
value: HIGH

Trust: 1.0

NVD: CVE-2022-42463
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202210-916
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-42463
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

scy@openharmony.io: CVE-2022-42463
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2022-42463
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018745 // CNNVD: CNNVD-202210-916 // NVD: CVE-2022-42463 // NVD: CVE-2022-42463

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype: Inappropriate authentication (CWE-287) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018745 // NVD: CVE-2022-42463

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202210-916

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202210-916

PATCH

title: OpenHarmony Remediation measures for authorization problem vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=210998

Trust: 0.6

sources: CNNVD: CNNVD-202210-916

EXTERNAL IDS

db: NVD, id: CVE-2022-42463

Trust: 3.3

db: JVNDB, id: JVNDB-2022-018745

Trust: 0.8

db: CNNVD, id: CNNVD-202210-916

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-018745 // CNNVD: CNNVD-202210-916 // NVD: CVE-2022-42463

REFERENCES

url:https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-10.md

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-42463

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-42463/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-018745 // CNNVD: CNNVD-202210-916 // NVD: CVE-2022-42463

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2022-018745
db: CNNVD, id: CNNVD-202210-916
db: NVD, id: CVE-2022-42463

LAST UPDATE DATE

2025-01-30T20:43:02.535000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-018745, date: 2023-10-23T06:38:00
db: CNNVD, id: CNNVD-202210-916, date: 2022-10-18T00:00:00
db: NVD, id: CVE-2022-42463, date: 2022-10-17T18:37:45.507

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-018745, date: 2023-10-23T00:00:00
db: CNNVD, id: CNNVD-202210-916, date: 2022-10-14T00:00:00
db: NVD, id: CVE-2022-42463, date: 2022-10-14T15:16:24.883