CVE-2024-57962

Medium

Published: 06 February 2025

Published

06 February 2025

Modified

17 March 2025

KEV Added

—

Patch

—

CVSS Score 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

EPSS Score 0.0010 27.2th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Description

Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability.

Security Summary

CVE-2024-57962 is a vulnerability involving incomplete verification information in the VPN service module. It affects Huawei consumer products, as detailed in the vendor's support bulletin, and was published on 2025-02-06. The issue is rated at a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) and is linked to CWE-701, with successful exploitation potentially impacting availability.

A local attacker with no privileges required can exploit this vulnerability through low-complexity attacks that necessitate user interaction. Upon success, the attacker can achieve high impact on availability and low impact on integrity, with no confidentiality impact.

Huawei has issued a support bulletin at https://consumer.huawei.com/en/support/bulletin/2025/2/ addressing this vulnerability, which provides information on mitigations or patches for affected products.

Details

CWE(s): CWE-701NVD-CWE-noinfo

Affected Products

huawei

harmonyos

5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/2/
Vendor Advisory · psirt@huawei.com