CVE-2024-51512

Improper Input Validation (CWE-20)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS: 5.5 (Medium) / EPSS: 0.04%

Summary

A vulnerability exists in the WantAgent module where the parameter type is not being verified. This vulnerability affects HarmonyOS version 5.0.0.

Impact

Successful exploitation of this vulnerability may affect the availability of the system. Given the CVSS score of 5.5 (Medium severity) and the attack vector being local, an attacker with low privileges and no user interaction could potentially cause a high impact on system availability. This could result in denial of service, potentially making the affected HarmonyOS system or services unavailable to users.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Huawei released a security bulletin on November 7, 2024, available at https://consumer.huawei.com/en/support/bulletin/2024/11/. The security team should review this bulletin for specific patching instructions.

Mitigation

1. Apply the patch provided by Huawei as soon as possible, prioritizing systems running HarmonyOS 5.0.0.
2. Implement the principle of least privilege to minimize the potential impact of local attacks.
3. Monitor systems for any unusual activity or attempts to exploit this vulnerability.
4. Consider implementing additional access controls or segmentation to limit the exposure of affected systems until patching is complete.
5. Regularly update and patch HarmonyOS systems as part of ongoing security maintenance.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-51512.

Nov 5, 2024 at 8:32 AM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 5, 2024 at 8:49 AM

CVE Assignment

NVD published the first details for CVE-2024-51512

Nov 5, 2024 at 9:15 AM

CVSS

A CVSS base score of 6.2 has been assigned.

Nov 5, 2024 at 9:20 AM / nvd

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 5, 2024 at 9:34 AM

EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 6, 2024 at 11:56 AM

CVSS

A CVSS base score of 5.5 has been assigned.

Nov 7, 2024 at 5:05 PM / nvd

Affected Systems

Huawei/harmonyos

Patches

consumer.huawei.com

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

Huawei lists EMUI and HarmonyOS November 2024 security patch details
We’re on 5th November 2024 and Huawei has revealed new security patch details for its EMUI and HarmonyOS devices. Huawei has eliminated around 21 vulnerabilities with the November 2024 security patch for EMUI and HarmonyOS models.

News

CVE-2024-51512 | Huawei HarmonyOS 5.0.0 WantAgent Module denial of service
A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been classified as critical. Affected is an unknown function of the component WantAgent Module. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-51512. Local access is required to approach this attack. There is no exploit available.
CVE-2024-51512 - Apache Struts Reflection-Type Vulnerability
CVE ID: CVE-2024-51512. Published: Nov. 5, 2024, 9:15 a.m. (49 minutes ago). Description: Vulnerability of parameter type not being verified in the WantAgent module. Impact: Successful exploitation of this vulnerability may affect availability. Severity: 6.2
CVE-2024-51512
Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect...
CVE-2024-51512
Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
