CVE-2023-39401 — Path Traversal in Huawei Emui

CWE-22 — Path Traversal CWE-285 — Improper Authorization3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.1%

top 71.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Emui Huawei Harmonyos

Timeline

PublishedAug 13

Description

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5huawei/emui4 versions+3

▶NVDhuawei/emui4 versions+3

▶CVEListV5huawei/harmonyos5 versions+4

▶NVDhuawei/harmonyos5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hq7g-6qmj-684h: Parameter verification vulnerability in the installd module↗2023-08-13

▶

CVEList

CVE-2023-39401: Parameter verification vulnerability in the installd module↗2023-08-13

▶