Lucene search
XiaomiCVE-2023-26322HistoryAug 28, 2024 - 8:15 a.m.
CVE-2023-26322
2024-08-2808:15:06
CWE-94
Xiaomi
web.nvd.nist.gov
26
xiaomigetapps
code execution
verification logic
bypassed
exploit
malicious code
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
48.4%
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
Affected configurations
Node
migetappsRange31.2.5.0–32.0.0.1
CNA Affected
[
{
"defaultStatus": "affected",
"product": "GetApps application",
"vendor": "Xiaomi",
"versions": [
{
"changes": [
{
"at": "32.0.0.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "31.2.5.0",
"status": "affected",
"version": "GetApps application",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-26322 GetApps application has code execution vulnerability
2024-08-28 07:59:26
cvelist
cvelist
CVE-2023-26322 GetApps application has code execution vulnerability
2024-08-28 07:59:26
nvd
nvd
CVE-2023-26322
2024-08-28 08:15:06
zdi
zdi
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
48.4%
Related for CVE-2023-26322