CVE-2024-51520

Improper Input Validation (CWE-20)

Published: Nov 5, 2024 / Updated: 14d ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

Summary

Vulnerability of input parameters not being verified in the HDC module. This vulnerability affects the HarmonyOS 5.0.0 operating system developed by Huawei.

Impact

Successful exploitation of this vulnerability may affect availability. The CVSS v3.1 base score is 5.5, indicating a medium severity. The attack vector is local, requiring low privileges and no user interaction. While there is no impact on confidentiality or integrity, the availability impact is high.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Huawei has released a security bulletin on November 7, 2024, which can be found at https://consumer.huawei.com/en/support/bulletin/2024/11/

Mitigation

1. Apply the patch provided by Huawei as soon as possible. 2. Limit local access to the affected systems to trusted users only. 3. Monitor for any unusual activity or attempts to exploit this vulnerability. 4. Consider implementing additional input validation mechanisms if possible.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-51520. See article

Nov 5, 2024 at 8:32 AM / <object object at 0x79b19ecc4180>
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 5, 2024 at 9:35 AM
CVE Assignment

NVD published the first details for CVE-2024-51520

Nov 5, 2024 at 10:21 AM
CVSS

A CVSS base score of 5.5 has been assigned.

Nov 5, 2024 at 10:26 AM / nvd
EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 6, 2024 at 11:56 AM
Static CVE Timeline Graph

Affected Systems

Huawei/harmonyos
+null more

Patches

consumer.huawei.com
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables
+null more

References

Huawei lists EMUI and HarmonyOS November 2024 security patch details
We’re on 5th November 2024 and Huawei has revealed new security patch details for its EMUI and HarmonyOS devices. Huawei has eliminated around 21 vulnerabilities with the November 2024 security patch for EMUI and HarmonyOS models.

News

Huawei lists EMUI and HarmonyOS November 2024 security patch details
We’re on 5th November 2024 and Huawei has revealed new security patch details for its EMUI and HarmonyOS devices. Huawei has eliminated around 21 vulnerabilities with the November 2024 security patch for EMUI and HarmonyOS models.
CVE-2024-51520 - &quot;Oracle Hyper-Converged Infrastructure (HCI) Input Parameter Validation Vulnerability (Remote Attack Vector)&quot;
CVE ID : CVE-2024-51520 Published : Nov. 5, 2024, 10:21 a.m. 44 minutes ago Description : Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. Severity: 5.5
CVE-2024-51520
Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect...
CVE-2024-51520
Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-51520 | Huawei HarmonyOS 5.0.0 HDC Module denial of service
A vulnerability, which was classified as problematic , was found in Huawei HarmonyOS 5.0.0 . This affects an unknown part of the component HDC Module . The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-51520 . Local access is required to approach this attack. There is no exploit available.
See 1 more articles and social media posts

CVSS V3.1

Attack Vector:Local
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI