CVE-2023-52715 - Vulnerability Details - OpenCVE

The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Huawei	Harmonyos

Configuration 1 [-]

cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://consumer.huawei.com/en/support/bulletin/2024/4/
https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689

History

Fri, 28 Mar 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-732

Mon, 09 Dec 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Huawei Huawei harmonyos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:huawei:harmonyos:4.0.0:::::::*
Vendors & Products		Huawei Huawei harmonyos
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2024-04-07T09:00:08.128Z

Updated: 2025-03-28T18:41:40.523Z

Reserved: 2024-03-27T03:37:42.326Z

Link: CVE-2023-52715

Vulnrichment

Updated: 2024-08-02T23:11:35.387Z

NVD

Status : Modified

Published: 2024-04-07T09:15:08.477

Modified: 2025-03-28T19:15:17.473

Link: CVE-2023-52715

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52715", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2024-03-27T03:37:42.326Z", "datePublished": "2024-04-07T09:00:08.128Z", "dateUpdated": "2025-03-28T18:41:40.523Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HarmonyOS", "vendor": "Huawei", "versions": [{"status": "affected", "version": "4.0.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The SystemUI module has a vulnerability in permission management.<br>Impact: Successful exploitation of this vulnerability may affect availability."}], "value": "The SystemUI module has a vulnerability in permission management.\nImpact: Successful exploitation of this vulnerability may affect availability."}], "problemTypes": [{"descriptions": [{"description": "Permissions, Privileges, and Access Controls", "lang": "en"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-04-07T09:00:08.128Z"}, "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-08T13:11:45.425225Z", "id": "CVE-2023-52715", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T18:41:40.523Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.387Z"}, "title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/", "tags": ["x_transferred"]}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/", "tags": ["x_transferred"]}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:11:35.387Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-52715", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-08T13:11:45.425225Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:43.212Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Huawei", "product": "HarmonyOS", "versions": [{"status": "affected", "version": "4.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The SystemUI module has a vulnerability in permission management.\nImpact: Successful exploitation of this vulnerability may affect availability.", "supportingMedia": [{"type": "text/html", "value": "The SystemUI module has a vulnerability in permission management.<br>Impact: Successful exploitation of this vulnerability may affect availability.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Permissions, Privileges, and Access Controls"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-04-07T09:00:08.128Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52715", "state": "PUBLISHED", "dateUpdated": "2025-03-28T18:41:40.523Z", "dateReserved": "2024-03-27T03:37:42.326Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2024-04-07T09:00:08.128Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SystemUI module has a vulnerability in permission management.\nImpact: Successful exploitation of this vulnerability may affect availability."}, {"lang": "es", "value": "El m\u00f3dulo SystemUI tiene una vulnerabilidad en la gesti\u00f3n de permisos. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la disponibilidad."}], "id": "CVE-2023-52715", "lastModified": "2025-03-28T19:15:17.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-07T09:15:08.477", "references": [{"source": "psirt@huawei.com", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://consumer.huawei.com/en/support/bulletin/2024/4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202404-0000001880501689"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}