CVE-2023-37242

Published: Jul 6, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.

Affected (4)

Products: Huawei: Emui, Harmonyos

Huawei

2 products

Emui

Harmonyos

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Huawei Emui	Version 12.0.0
Huawei Emui	Version 13.0.0
Huawei Harmonyos	Version 2.0
Huawei Harmonyos	Version 3.0.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

https://consumer.huawei.com/en/support/bulletin/2023/7/

Source: psirt@huawei.com

Vendor Advisory

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858

Source: psirt@huawei.com

Vendor Advisory

https://consumer.huawei.com/en/support/bulletin/2023/7/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.