{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-52547", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2024-02-27T03:41:51.382Z", "datePublished": "2024-05-28T06:15:20.883Z", "dateUpdated": "2024-08-02T23:03:20.821Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CurieM-WFG9B", "vendor": "Huawei", "versions": [{"status": "affected", "version": "OTA-CurieM-BIOS-2.29"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."}], "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-05-28T06:32:11.698Z"}, "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52547", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-28T14:45:19.537234Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:huawei:curiem-wfg9b:ota-curiem-bios-2.29:*:*:*:*:*:*:*"], "vendor": "huawei", "product": "curiem-wfg9b", "versions": [{"status": "affected", "version": "ota-curiem-bios-2.29", "lessThan": "curiem-wfg9b_bios_2.32", "versionType": "custom"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:23:33.498Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.821Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:03:20.821Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-52547", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-28T14:45:19.537234Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:huawei:curiem-wfg9b:ota-curiem-bios-2.29:*:*:*:*:*:*:*"], "vendor": "huawei", "product": "curiem-wfg9b", "versions": [{"status": "affected", "version": "ota-curiem-bios-2.29", "lessThan": "curiem-wfg9b_bios_2.32", "versionType": "custom"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T14:48:10.811Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "CurieM-WFG9B", "versions": [{"status": "affected", "version": "OTA-CurieM-BIOS-2.29"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.", "supportingMedia": [{"type": "text/html", "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-05-28T06:32:11.698Z"}}}, "cveMetadata": {"cveId": "CVE-2023-52547", "state": "PUBLISHED", "dateUpdated": "2024-08-02T23:03:20.821Z", "dateReserved": "2024-02-27T03:41:51.382Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2024-05-28T06:15:20.883Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:ota-curiem-bios-2.29:*:*:*:*:*:*:*", "matchCriteriaId": "2D0C60E9-E69E-4692-92FC-BDF8BD28346B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*", "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."}, {"lang": "es", "value": "Huawei Matebook D16 (Modelo: CREM-WXX9, BIOS: v2.26. Corrupci\u00f3n de la memoria en el controlador SMI del m\u00f3dulo SMM HddPassword. Un atacante malicioso del sistema operativo puede aprovechar esto para corromper las estructuras de datos almacenadas al comienzo de SMRAM y puede conducir potencialmente a Ejecuci\u00f3n de c\u00f3digo en SMM."}], "id": "CVE-2023-52547", "lastModified": "2025-01-17T18:32:12.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-28T07:15:08.930", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-130"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}