Lucene search

Huawei TechnologiesHUAWEI-SA-IHOLPIIAHPP-0AB7D6DB

HistoryApr 17, 2024 - 12:00 a.m.

Security Advisory - Improper Handling of Length Parameter Inconsistency in a Huawei PC Product

2024-04-1700:00:00

Huawei Technologies

www.huawei.com

security advisory

huawei pc

improper handling

length parameter

data compromise

code execution

cve-2023-52547

software

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

A Huawei PC product is vulnerable to improper handling of length parameter inconsistency. Successful exploitation of this vulnerability can compromise the data structure stored at the beginning of SMRAM and may cause code execution in SMM.(Vulnerability ID:HWPSIRT-2023-91490)

This vulnerability has been assigned a (CVE)ID:CVE-2023-52547

Affected configurations

Vulners

Node

huaweicuriem-wfg9b_-_curiem-wfg9b_firmwareMatchota-curiem-bios-2.29

VendorProductVersionCPE
huaweicuriem-wfg9b_-_curiem-wfg9b_firmwareota-curiem-bios-2.29cpe:2.3:a:huawei:curiem-wfg9b_-_curiem-wfg9b_firmware:ota-curiem-bios-2.29:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	curiem-wfg9b_-_curiem-wfg9b_firmware	ota-curiem-bios-2.29	cpe:2.3:a:huawei:curiem-wfg9b_-_curiem-wfg9b_firmware:ota-curiem-bios-2.29:::::::*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for HUAWEI-SA-IHOLPIIAHPP-0AB7D6DB