CVE-2023-52713 - Vulnerability Details - OpenCVE

ReportizFlow

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Huawei	Emui Harmonyos

Configuration 1 [-]

OR	cpe:2.3:o:huawei:emui:12.0.0:::::::*
	cpe:2.3:o:huawei:emui:13.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*

No data.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2024/4/
https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689

History

Thu, 13 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei emui Huawei harmonyos
CPEs		cpe:2.3:o:huawei:emui:12.0.0:::::::* cpe:2.3:o:huawei:emui:13.0.0:::::::* cpe:2.3:o:huawei:harmonyos:2.0.0:::::::* cpe:2.3:o:huawei:harmonyos:2.1.0:::::::* cpe:2.3:o:huawei:harmonyos:3.0.0:::::::* cpe:2.3:o:huawei:harmonyos:3.1.0:::::::* cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
Vendors & Products		Huawei Huawei emui Huawei harmonyos

Thu, 14 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2024-04-07T08:41:49.250Z

Updated: 2024-11-14T19:53:45.209Z

Reserved: 2024-03-27T03:37:42.326Z

Link: CVE-2023-52713

Vulnrichment

Updated: 2024-08-02T23:11:35.143Z

NVD

Status : Analyzed

Published: 2024-04-07T09:15:08.377

Modified: 2025-03-13T14:51:44.177

Link: CVE-2023-52713

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52713", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2024-03-27T03:37:42.326Z", "datePublished": "2024-04-07T08:41:49.250Z", "dateUpdated": "2024-11-14T19:53:45.209Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "4.0.0"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.0.0"}]}, {"defaultStatus": "unaffected", "product": "EMUI", "vendor": "Huawei", "versions": [{"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "12.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability of improper permission control in the window management module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality."}], "value": "Vulnerability of improper permission control in the window management module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality."}], "problemTypes": [{"descriptions": [{"description": "Permissions, Privileges, and Access Controls", "lang": "en"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-04-07T08:41:49.250Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T19:42:49.196947Z", "id": "CVE-2023-52713", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:53:45.209Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.143Z"}, "title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/", "tags": ["x_transferred"]}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/", "tags": ["x_transferred"]}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.143Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52713", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T19:42:49.196947Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T19:42:54.524Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "4.0.0"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "12.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability of improper permission control in the window management module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of improper permission control in the window management module.<br>Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Permissions, Privileges, and Access Controls"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-04-07T08:41:49.250Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52713", "state": "PUBLISHED", "dateUpdated": "2024-11-14T19:53:45.209Z", "dateReserved": "2024-03-27T03:37:42.326Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2024-04-07T08:41:49.250Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability of improper permission control in the window management module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality."}, {"lang": "es", "value": "Vulnerabilidad de control inadecuado de permisos en el m\u00f3dulo de gesti\u00f3n de ventanas. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad afectar\u00e1 la disponibilidad y la confidencialidad."}], "id": "CVE-2023-52713", "lastModified": "2025-03-13T14:51:44.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-07T09:15:08.377", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}