Описание
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0 (включая) до 3.0.5 (включая)
cpe:2.3:o:openatom:openharmony:*:*:*:*:lts:*:*:*
EPSS
Процентиль: 19%
0.0006
Низкий
6.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-287
CWE-294
Связанные уязвимости
CVSS3: 7.8
github
около 3 лет назад
softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
EPSS
Процентиль: 19%
0.0006
Низкий
6.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-287
CWE-294