Details of VAR-202503-4044

ID

VAR-202503-4044

CVE

CVE-2023-52972

TITLE

Huawei of YutuFZ-5651S1 SenaryAudio access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2025-026206

DESCRIPTION

Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software. Huawei PCs are a series of computers from the Chinese company Huawei

Trust: 2.16

sources: NVD: CVE-2023-52972 // JVNDB: JVNDB-2025-026206 // CNVD: CNVD-2025-23595

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-23595

AFFECTED PRODUCTS

vendor:	huawei	model:	yutufz-5651s1 senaryaudio	scope:	eq	version:	3.31.2.0	Trust: 2.4
vendor:	huawei	model:	yutufz-5651s1 senaryaudio	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	yutufz-5651s1 senaryaudio	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-23595 // JVNDB: JVNDB-2025-026206 // NVD: CVE-2023-52972

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2023-52972
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-52972
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-52972
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2025-23595
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-23595
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@huawei.com:	CVE-2023-52972
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2023-52972
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-23595 // JVNDB: JVNDB-2025-026206 // NVD: CVE-2023-52972 // NVD: CVE-2023-52972

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-026206 // NVD: CVE-2023-52972

PATCH

title:	Huawei-SA-20250325-01-PC-en	url:	https://www.huawei.com/en/psirt/security-advisories/2025/huawei-sa-20250325-01-pc-en	Trust: 0.8
title:	Patch for Huawei PCs Authentication Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/742231	Trust: 0.6

sources: CNVD: CNVD-2025-23595 // JVNDB: JVNDB-2025-026206

EXTERNAL IDS

db:	NVD	id:	CVE-2023-52972	Trust: 3.2
db:	JVNDB	id:	JVNDB-2025-026206	Trust: 0.8
db:	CNVD	id:	CNVD-2025-23595	Trust: 0.6

sources: CNVD: CNVD-2025-23595 // JVNDB: JVNDB-2025-026206 // NVD: CVE-2023-52972

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/2025/huawei-sa-20250325-01-pc-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2023-52972	Trust: 0.8

sources: CNVD: CNVD-2025-23595 // JVNDB: JVNDB-2025-026206 // NVD: CVE-2023-52972

SOURCES

db:	CNVD	id:	CNVD-2025-23595
db:	JVNDB	id:	JVNDB-2025-026206
db:	NVD	id:	CVE-2023-52972

LAST UPDATE DATE

2026-03-10T23:28:38+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-23595	date:	2025-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2025-026206	date:	2026-03-09T06:12:00
db:	NVD	id:	CVE-2023-52972	date:	2026-03-05T21:55:42.197

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-23595	date:	2025-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2025-026206	date:	2026-03-09T00:00:00
db:	NVD	id:	CVE-2023-52972	date:	2025-03-26T07:15:36.267