CVE-2024-51530

Improper Input Validation (CWE-20)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS 5.5 / EPSS 0.04% / Medium

Summary

A LaunchAnywhere vulnerability exists in the account module. This vulnerability is associated with improper input validation (CWE-20).

Impact

Successful exploitation of this vulnerability may affect service confidentiality. The vulnerability has a CVSS v3.1 base score of 5.5, indicating a medium severity. The attack vector is local, requiring low attack complexity and low privileges, with no user interaction needed. The impact is limited to confidentiality, which is rated as high, while integrity and availability are not affected.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Huawei released a security bulletin on November 7, 2024, available at https://consumer.huawei.com/en/support/bulletin/2024/11/

Mitigation

To mitigate this vulnerability, it is recommended to update the affected products to the latest versions as provided in the Huawei security bulletin. The vulnerable products include EMUI versions 12.0.0, 13.0.0, and 14.0.0, as well as HarmonyOS versions 2.0.0, 2.1.0, 3.0.0, 3.1.0, 4.0.0, and 4.2.0. Prioritize patching based on the medium severity score and the potential for high confidentiality impact.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-51530.

Nov 5, 2024 at 8:32 AM

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 5, 2024 at 11:25 AM

CVE Assignment

NVD published the first details for CVE-2024-51530

Nov 5, 2024 at 12:15 PM

CVSS

A CVSS base score of 6.6 has been assigned.

Nov 5, 2024 at 12:21 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 6, 2024 at 11:56 AM

CVSS

A CVSS base score of 5.5 has been assigned.

Nov 7, 2024 at 8:00 PM / nvd

Affected Systems

Huawei/emui

Patches

consumer.huawei.com

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

Huawei lists EMUI and HarmonyOS November 2024 security patch details
We’re on 5th November 2024 and Huawei has revealed new security patch details for its EMUI and HarmonyOS devices. Huawei has eliminated around 21 vulnerabilities with the November 2024 security patch for EMUI and HarmonyOS models.

News

NA - CVE-2024-51530 - LaunchAnywhere vulnerability in the account...
LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2024-51530 | Huawei HarmonyOS up to 4.2.0 Account Module input validation
A vulnerability classified as problematic has been found in Huawei HarmonyOS up to 4.2.0. Affected is an unknown function of the component Account Module. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2024-51530. Local access is required to approach this attack. There is no exploit available.

CVE-2024-51530
LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service...

CVE-2024-51530 - Symantec LaunchAnywhere Account Module Confidentiality Vulnerability
CVE ID : CVE-2024-51530 Published : Nov. 5, 2024, 12:15 p.m. 48 minutes ago Description : LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Severity: 6.6

CVE-2024-51530
LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
