CVE-2023-0036

Description

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

CVSS Version 3.1

nvd
CVE ID: CVE-2023-0036
Base Score: 7.8
Base Severity: HIGH
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8

openharmony
CVE ID: CVE-2023-0036
Base Score: 6.5
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Impact Score: 4.0
Exploitability Score: 2.0

Refrence: NVD MITRE

Description​

Description