FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-51511

Improper Input Validation (CWE-20)

Published: Nov 5, 2024 / Updated: 14d ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

Summary

A vulnerability exists in the WantAgent module where the parameter type is not being verified. This is an instance of improper input validation.

Impact

Successful exploitation of this vulnerability may affect the availability of the system. The attack vector is local, requiring low privileges and no user interaction. The impact is limited to availability, with no effect on confidentiality or integrity.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Huawei has released a security bulletin on November 7, 2024, which can be accessed at https://consumer.huawei.com/en/support/bulletin/2024/11/

Mitigation

Update to the latest version of HarmonyOS as provided in the Huawei security bulletin. Implement input validation mechanisms to ensure proper verification of parameter types in the WantAgent module. Restrict local access and enforce principle of least privilege to minimize the risk of exploitation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-51511. See article

Nov 5, 2024 at 8:32 AM / <object object at 0x79b19ecc4180>
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 5, 2024 at 8:49 AM
CVE Assignment

NVD published the first details for CVE-2024-51511

Nov 5, 2024 at 9:15 AM
CVSS

A CVSS base score of 6.2 has been assigned.

Nov 5, 2024 at 9:20 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 5, 2024 at 9:34 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 6, 2024 at 11:56 AM
CVSS

A CVSS base score of 5.5 has been assigned.

Nov 7, 2024 at 5:05 PM / nvd
Static CVE Timeline Graph

Affected Systems

Huawei/harmonyos
+null more

Patches

consumer.huawei.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

References

Huawei lists EMUI and HarmonyOS November 2024 security patch details
Huawei Central / 14d
We’re on 5th November 2024 and Huawei has revealed new security patch details for its EMUI and HarmonyOS devices. Huawei has eliminated around 21 vulnerabilities with the November 2024 security patch for EMUI and HarmonyOS models.

News

Huawei lists EMUI and HarmonyOS November 2024 security patch details
Huawei Central / 14d
We’re on 5th November 2024 and Huawei has revealed new security patch details for its EMUI and HarmonyOS devices. Huawei has eliminated around 21 vulnerabilities with the November 2024 security patch for EMUI and HarmonyOS models.
CVE-2024-51511 | Huawei HarmonyOS 5.0.0 WantAgent Module denial of service
VulDB Recent Entries / 14d
A vulnerability classified as problematic was found in Huawei HarmonyOS 5.0.0 . This vulnerability affects unknown code of the component WantAgent Module . The manipulation leads to denial of service. This vulnerability was named CVE-2024-51511 . An attack has to be approached locally. There is no exploit available.
CVE-2024-51511 - Oracle WantAgent Improper Parameter Verification Remote Vulnerability
Latest Vulnerabilities / 14d
CVE ID : CVE-2024-51511 Published : Nov. 5, 2024, 9:15 a.m. 49 minutes ago Description : Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. Severity: 6.2
CVE-2024-51511
Vulners.com RSS Feed / 14d
Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect...
CVE-2024-51511
National Vulnerability Database / 14d
Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.
See 1 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

CVSS 5.5(34618)CWE-20(11385)Huawei(1913)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial