CVE-2023-39399

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 13, 2023

Updated: Aug 17, 2023

CWE ID 275

Summary

CVE-2023-39399 is a parameter verification vulnerability affecting the installd module. This issue allows unauthorized reading and writing of sandbox files due to insufficient validation of user input. An attacker who successfully exploits this vulnerability can potentially gain unintended access to sensitive information or modify files outside of the intended sandbox environment. This weakness could lead to significant security implications, emphasizing the importance of applying the necessary patches or updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

HarmonyOS
Huawei EMUI

Affected Vendors

Huawei Technologies

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sK-rWj
https://www.cve.org/CVERecord?id=CVE-2023-39399
https://nvd.nist.gov/vuln/detail/CVE-2023-39399

Back to Vulnerability Database