Lucene search

HuaweiCVE-2023-52539

HistoryApr 08, 2024 - 9:15 a.m.

CVE-2023-52539

2024-04-0809:15:08

CWE-285

huawei

web.nvd.nist.gov

cve-2023-52539

nvd

confidentiality

vulnerability

exploitation

settings module

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Permission verification vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Affected configurations

Vulners

Vulnrichment

Node

huaweiharmonyosMatch4.0.0

huaweiharmonyosMatch3.1.0

huaweiharmonyosMatch3.0.0

huaweiharmonyosMatch2.1.0

huaweiharmonyosMatch2.0.0

huaweiemuiMatch13.0.0

huaweiemuiMatch12.0.0

VendorProductVersionCPE
huaweiharmonyos4.0.0cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
huaweiharmonyos3.1.0cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
huaweiharmonyos3.0.0cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.1.0cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
huaweiharmonyos2.0.0cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
huaweiemui13.0.0cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
huaweiemui12.0.0cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	harmonyos	4.0.0	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
huawei	harmonyos	3.1.0	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
huawei	harmonyos	3.0.0	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
huawei	harmonyos	2.1.0	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
huawei	harmonyos	2.0.0	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
huawei	emui	13.0.0	cpe:2.3:o:huawei:emui:13.0.0:::::::*
huawei	emui	12.0.0	cpe:2.3:o:huawei:emui:12.0.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/3/

device.harmonyos.com/en/docs/security/update/security-bulletins-202403-0000001667644725

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-52539