CVE-2022-45877

CVSS V2 None CVSS V3 None

Description

OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks.

Overview

CVE ID
CVE-2022-45877

Assigner
scy@openharmony.io

Vulnerability Status
Analyzed

Published Version
2022-12-08T16:15:14

Last Modified Date
2022-12-12T17:51:49

Weakness Enumerations

CWE	URL
CWE-287	http://cwe.mitre.org/data/definitions/287.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:openharmony:openharmony::::::::	1	OR	3.1	3.1.4

References

Reference URL	Reference Tags
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-12.md

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45877
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45877

History

Created	Old Value	New Value	Data Type	Notes
2022-12-08 17:16:15				Added to TrackCVE
2022-12-10 02:15:10	2022-12-08T16:15:14.787	2022-12-08T16:15:14	CVE Published Date	updated
2022-12-10 02:15:10		2022-12-08T16:29:05	CVE Modified Date	updated
2022-12-10 02:15:10	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-10 05:35:43	Undergoing Analysis	Awaiting Analysis	Vulnerability Status	updated
2022-12-12 12:24:11	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2022-12-12 18:17:38		2022-12-12T17:51:49	CVE Modified Date	updated
2022-12-12 18:17:38	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2022-12-12 18:17:38		CWE-287	Weakness Enumeration	new
2022-12-12 18:17:39			CPE Information	updated