CVE-2022-41590

{"id": "CVE-2022-41590", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-12-20T21:15:10.807", "references": [{"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202212-0000001462975397", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability."}, {"lang": "es", "value": "Algunos tel\u00e9fonos inteligentes tienen vulnerabilidades relacionadas con la autenticaci\u00f3n (incluida la administraci\u00f3n de sesiones) ya que se omite el asistente de configuraci\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad afecta la disponibilidad de los tel\u00e9fonos inteligentes."}], "lastModified": "2022-12-29T18:47:59.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}