Lucene search

HuaweiVULNRICHMENT:CVE-2024-39670

HistoryJul 25, 2024 - 11:45 a.m.

CVE-2024-39670

2024-07-2511:45:24

CWE-264

huawei

github.com

privilege escalation

account synchronisation

availability

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.4%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Privilege escalation vulnerability in the account synchronisation module.
Impact: Successful exploitation of this vulnerability will affect availability.

CNA Affected

[
  {
    "vendor": "Huawei",
    "product": "HarmonyOS",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.0"
      },
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Huawei",
    "product": "EMUI",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.0"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*"
    ],
    "vendor": "huawei",
    "product": "harmonyos",
    "versions": [
      {
        "status": "affected",
        "version": "4.2.0"
      },
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.0"
      },
      {
        "status": "affected",
        "version": "2.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "cpes": [
      "cpe:2.3:o:huawei:emui:*:*:*:*:*:*:*:*"
    ],
    "vendor": "huawei",
    "product": "emui",
    "versions": [
      {
        "status": "affected",
        "version": "14.0.0"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      },
      {
        "status": "affected",
        "version": "12.0.0"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/7/

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.4%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39670