CVE-2023-44116Missing Authentication for Critical Function in Huawei Emui

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 77.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Harmonyos
Timeline
PublishedOct 11

Description

Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5huawei/emui4 versions+3
NVDhuawei/emui4 versions+3
CVEListV5huawei/harmonyos6 versions+5
NVDhuawei/harmonyos6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-r8vp-xwh5-g2hf: Vulnerability of access permissions not being strictly verified in the APPWidget module2023-10-11
CVEList
CVE-2023-44116: Vulnerability of access permissions not being strictly verified in the APPWidget module2023-10-11
CVE-2023-44116 — Huawei Emui vulnerability | cvebase