Lucene search

[email protected]CVE-2024-37030

HistoryJul 02, 2024 - 9:15 a.m.

CVE-2024-37030

2024-07-0209:15:18

CWE-416

[email protected]

web.nvd.nist.gov

openharmony

v4.0.0

remote code execution

vulnerability

pre-installed apps

use after free

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.

Affected configurations

NVD

Node

openharmonyopenharmonyRange≤4.0-

CPENameOperatorVersion
openharmony:openharmonyopenharmonyle4.0

CPE	Name	Operator	Version
openharmony:openharmony	openharmony	le	4.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenHarmony",
    "vendor": "OpenHarmony",
    "versions": [
      {
        "lessThanOrEqual": "4.0.1",
        "status": "affected",
        "version": "v4.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2024-37030

cvelist1 vulnrichment1 nvd1