CVE-2024-45346

{"id": "CVE-2024-45346", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@xiaomi.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-08-28T07:15:08.823", "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=545", "source": "security@xiaomi.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@xiaomi.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en el producto de aplicaci\u00f3n XiaomiGetApps. Esta vulnerabilidad se debe a que se omite la l\u00f3gica de verificaci\u00f3n y un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo malicioso."}], "lastModified": "2025-04-08T21:15:46.533", "sourceIdentifier": "security@xiaomi.com"}