Lucene search

XiaomiCVELIST:CVE-2023-26322

HistoryAug 28, 2024 - 7:59 a.m.

CVE-2023-26322 GetApps application has code execution vulnerability

2024-08-2807:59:26

Xiaomi

www.cve.org

cve-2023-26322

getapps

code execution

xiaomigetapps

verification logic

malicious code

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON

A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "GetApps application",
    "vendor": "Xiaomi",
    "versions": [
      {
        "changes": [
          {
            "at": "32.0.0.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "31.2.5.0",
        "status": "affected",
        "version": "GetApps application",
        "versionType": "custom"
      }
    ]
  }
]

References

trust.mi.com/misrc/bulletins/advisory?cveId=542

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON

Related for CVELIST:CVE-2023-26322