CVE-2023-0036

Published: Jan 9, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

Affected (1)

Products: Openatom: Openharmony

Openatom

1 product

Openharmony

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openatom Openharmony	From 3.0 to 3.0.5

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-01.md

Source: scy@openharmony.io

Third Party Advisory

https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2023/2023-01.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.