CVE-2023-44116

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://consumer.huawei.com/en/support/bulletin/2023/10/	Vendor Advisory
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.0.1:::::::*
	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:huawei:emui:11.0.1:::::::*
	cpe:2.3:o:huawei:emui:12.0.0:::::::*
	cpe:2.3:o:huawei:emui:12.0.1:::::::*
	cpe:2.3:o:huawei:emui:13.0.0:::::::*

History

No history.

Information

Published : 2023-10-11 13:15

Updated : 2023-10-15 01:49

NVD link : CVE-2023-44116

Mitre link : CVE-2023-44116

CVE.ORG link : CVE-2023-44116

JSON object : View

Products Affected

huawei

harmonyos
emui

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2023-44116", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-11T13:15:10.160", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2023/10/", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "psirt@huawei.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized."}, {"lang": "es", "value": "Vulnerabilidad de que los permisos de acceso no se verifican estrictamente en el m\u00f3dulo APPWidget. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que algunas aplicaciones se ejecuten sin autorizaci\u00f3n."}], "lastModified": "2023-10-15T01:49:29.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"}, {"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2"}, {"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"}, {"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}