Lucene search

HuaweiCVE-2023-52367

HistoryFeb 18, 2024 - 4:15 a.m.

CVE-2023-52367

2024-02-1804:15:07

CWE-284

huawei

web.nvd.nist.gov

2361

cve-2023-52367

vulnerability

media library

access control

nvd

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

Vulnerability of improper access control in the media library module.Successful exploitation of this vulnerability may affect service availability and integrity.

Affected configurations

Vulners

Vulnrichment

Node

huaweiharmonyosMatch4.0.0

huaweiharmonyosMatch3.1.0

huaweiharmonyosMatch3.0.0

huaweiharmonyosMatch2.1.0

huaweiharmonyosMatch2.0.0

huaweiemuiMatch13.0.0

huaweiemuiMatch12.0.0

VendorProductVersionCPE
huaweiharmonyos4.0.0cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
huaweiharmonyos3.1.0cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
huaweiharmonyos3.0.0cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.1.0cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
huaweiharmonyos2.0.0cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
huaweiemui13.0.0cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
huaweiemui12.0.0cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	harmonyos	4.0.0	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
huawei	harmonyos	3.1.0	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
huawei	harmonyos	3.0.0	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
huawei	harmonyos	2.1.0	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
huawei	harmonyos	2.0.0	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
huawei	emui	13.0.0	cpe:2.3:o:huawei:emui:13.0.0:::::::*
huawei	emui	12.0.0	cpe:2.3:o:huawei:emui:12.0.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/2/

device.harmonyos.com/cn/docs/security/update/security-bulletins-202402-0000001834855405

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-52367