CVE-2023-34157 : Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vu

Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.

Published 2023-06-16 07:15:09

Updated 2024-12-17 17:15:07

Source Huawei Technologies

View at NVD, CVE.org

Products affected by CVE-2023-34157

Huawei » Harmonyos
Versions before (<) 2.0
cpe:2.3:o:huawei:harmonyos:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 34 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: Low
10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H	3.9	6.0	Huawei Technologies
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Jump to