Lucene search

Huawei TechnologiesHUAWEI-SA-VOIIACIAHPP-6376E0C7

HistoryApr 17, 2024 - 12:00 a.m.

Security Advisory - Vulnerability of Improper Interface Access Control in a Huawei PC Product

2024-04-1700:00:00

Huawei Technologies

www.huawei.com

huawei

vulnerability

improper access control

smm leaks

uefi shell

memory leaks

cve-2023-52711

hwpsirt-2023-64955

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

A Huawei PC product has a vulnerability in improper interface access control. Successful exploitation of this vulnerability may cause SMM leaks. Attackers can exploit this vulnerability to boot the UEFI shell and cause memory leaks.(Vulnerability ID:HWPSIRT-2023-64955)

This vulnerability has been assigned a (CVE) ID: CVE-2023-52711

Affected configurations

Vulners

Node

huaweicuriem-wfg9b_firmwareMatchcuriem-wfg9b

huaweicuriem-wfg9b_firmwareMatch2.28

VendorProductVersionCPE
huaweicuriem-wfg9b_firmwarecuriem-wfg9bcpe:2.3:a:huawei:curiem-wfg9b_firmware:curiem-wfg9b:*:*:*:*:*:*:*
huaweicuriem-wfg9b_firmware2.28cpe:2.3:a:huawei:curiem-wfg9b_firmware:2.28:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	curiem-wfg9b_firmware	curiem-wfg9b	cpe:2.3:a:huawei:curiem-wfg9b_firmware:curiem-wfg9b:::::::*
huawei	curiem-wfg9b_firmware	2.28	cpe:2.3:a:huawei:curiem-wfg9b_firmware:2.28:::::::*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for HUAWEI-SA-VOIIACIAHPP-6376E0C7