Lucene search

HuaweiCVE-2024-42032

HistoryAug 08, 2024 - 9:15 a.m.

CVE-2024-42032

2024-08-0809:15:07

CWE-701

huawei

web.nvd.nist.gov

vulnerability

contacts module

service confidentiality

access permission

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Access permission verification vulnerability in the Contacts module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Affected configurations

Nvd

Vulners

Node

huaweiemuiMatch12.0.0

huaweiemuiMatch13.0.0

huaweiemuiMatch14.0.0

huaweiharmonyosMatch2.0.0

huaweiharmonyosMatch2.1.0

huaweiharmonyosMatch3.0.0

huaweiharmonyosMatch3.1.0

huaweiharmonyosMatch4.0.0

huaweiharmonyosMatch4.2.0

VendorProductVersionCPE
huaweiemui12.0.0cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*
huaweiemui13.0.0cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*
huaweiemui14.0.0cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.0.0cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*
huaweiharmonyos2.1.0cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*
huaweiharmonyos3.0.0cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*
huaweiharmonyos3.1.0cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*
huaweiharmonyos4.0.0cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*
huaweiharmonyos4.2.0cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	emui	12.0.0	cpe:2.3:o:huawei:emui:12.0.0:::::::*
huawei	emui	13.0.0	cpe:2.3:o:huawei:emui:13.0.0:::::::*
huawei	emui	14.0.0	cpe:2.3:o:huawei:emui:14.0.0:::::::*
huawei	harmonyos	2.0.0	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
huawei	harmonyos	2.1.0	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
huawei	harmonyos	3.0.0	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
huawei	harmonyos	3.1.0	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
huawei	harmonyos	4.0.0	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
huawei	harmonyos	4.2.0	cpe:2.3:o:huawei:harmonyos:4.2.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.0"
      },
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.0"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/8/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVE-2024-42032