Lucene search

HuaweiCVELIST:CVE-2023-52106

HistoryJan 16, 2024 - 9:26 a.m.

CVE-2023-52106

2024-01-1609:26:20

CWE-264

huawei

www.cve.org

downloadprovidermain module

vulnerability

integrity

availability

api permission verification

cve-2023-52106

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

23.7%

JSON

Vulnerability of permission verification for APIs in the DownloadProviderMain module.
Impact: Successful exploitation of this vulnerability will affect integrity and availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0"
      },
      {
        "status": "affected",
        "version": "3.1.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "13.0.0"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2024/1/

consumer.huawei.com/en/support/bulletin/2024/9/

device.harmonyos.com/en/docs/security/update/security-bulletins-202401-0000001799925977

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

23.7%

JSON

Related for CVELIST:CVE-2023-52106