CVE-2023-52714 - Vulnerability Details - OpenCVE

Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Emui Harmonyos

Configuration 1 [-]

OR	cpe:2.3:o:huawei:emui:12.0.0:::::::*
	cpe:2.3:o:huawei:emui:13.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:2.1.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.0.0:::::::*
	cpe:2.3:o:huawei:harmonyos:3.1.0:::::::*
	cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*

No data.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2024/4/
https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689

History

Thu, 13 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei emui Huawei harmonyos
CPEs		cpe:2.3:o:huawei:emui:12.0.0:::::::* cpe:2.3:o:huawei:emui:13.0.0:::::::* cpe:2.3:o:huawei:harmonyos:2.0.0:::::::* cpe:2.3:o:huawei:harmonyos:2.1.0:::::::* cpe:2.3:o:huawei:harmonyos:3.0.0:::::::* cpe:2.3:o:huawei:harmonyos:3.1.0:::::::* cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
Vendors & Products		Huawei Huawei emui Huawei harmonyos

Wed, 14 Aug 2024 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-657
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2024-04-07T08:43:50.830Z

Updated: 2024-08-14T18:38:40.816Z

Reserved: 2024-03-27T03:37:42.326Z

Link: CVE-2023-52714

Vulnrichment

Updated: 2024-08-02T23:11:35.978Z

NVD

Status : Analyzed

Published: 2024-04-07T09:15:08.423

Modified: 2025-03-13T14:51:33.707

Link: CVE-2023-52714

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52714", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2024-03-27T03:37:42.326Z", "datePublished": "2024-04-07T08:43:50.830Z", "dateUpdated": "2024-08-14T18:38:40.816Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "4.0.0"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.0.0"}]}, {"defaultStatus": "unaffected", "product": "EMUI", "vendor": "Huawei", "versions": [{"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "12.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability of defects introduced in the design process in the hwnff module.<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality."}], "value": "Vulnerability of defects introduced in the design process in the hwnff module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."}], "problemTypes": [{"descriptions": [{"description": "Weaknesses Introduced During Design", "lang": "en"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-04-07T08:43:50.830Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.978Z"}, "title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/", "tags": ["x_transferred"]}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-657", "lang": "en", "description": "CWE-657 Violation of Secure Design Principles"}]}], "affected": [{"vendor": "huawei", "product": "harmonyos", "cpes": ["cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2.0.0", "status": "affected"}, {"version": "2.1.0", "status": "affected"}, {"version": "3.0.0", "status": "affected"}, {"version": "3.1.0", "status": "affected"}, {"version": "4.0.0", "status": "affected"}]}, {"vendor": "huawei", "product": "emui", "cpes": ["cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "12.0.0", "status": "affected"}, {"version": "13.0.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T18:33:25.143460Z", "id": "CVE-2023-52714", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:38:40.816Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/", "tags": ["x_transferred"]}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.978Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-14T18:33:25.143460Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*"], "vendor": "huawei", "product": "harmonyos", "versions": [{"status": "affected", "version": "2.0.0"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*"], "vendor": "huawei", "product": "emui", "versions": [{"status": "affected", "version": "12.0.0"}, {"status": "affected", "version": "13.0.0"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-657", "description": "CWE-657 Violation of Secure Design Principles"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T18:36:45.686Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "4.0.0"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.0.0"}], "defaultStatus": "unaffected"}, {"vendor": "Huawei", "product": "EMUI", "versions": [{"status": "affected", "version": "13.0.0"}, {"status": "affected", "version": "12.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Vulnerability of defects introduced in the design process in the hwnff module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality.", "supportingMedia": [{"type": "text/html", "value": "Vulnerability of defects introduced in the design process in the hwnff module.<br>Impact: Successful exploitation of this vulnerability may affect service confidentiality.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Weaknesses Introduced During Design"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-04-07T08:43:50.830Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52714", "state": "PUBLISHED", "dateUpdated": "2024-08-14T18:38:40.816Z", "dateReserved": "2024-03-27T03:37:42.326Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2024-04-07T08:43:50.830Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability of defects introduced in the design process in the hwnff module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality."}, {"lang": "es", "value": "Vulnerabilidad de defectos introducidos en el proceso de dise\u00f1o en el m\u00f3dulo hwnff. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."}], "id": "CVE-2023-52714", "lastModified": "2025-03-13T14:51:33.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-07T09:15:08.423", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-657"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}