{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45346", "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "state": "PUBLISHED", "assignerShortName": "Xiaomi", "dateReserved": "2024-08-28T02:24:34.837Z", "datePublished": "2024-08-28T06:44:40.297Z", "dateUpdated": "2025-04-08T20:42:58.880Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "GetApps application", "vendor": "Xiaomi", "versions": [{"changes": [{"at": "30.6.0.2", "status": "unaffected"}], "lessThanOrEqual": "30.2.7.0", "status": "affected", "version": "GetApps application", "versionType": "custom"}]}], "datePublic": "2024-05-06T06:37:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(245, 247, 249);\">The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.</span><br>"}], "value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi", "dateUpdated": "2025-03-27T06:53:40.971Z"}, "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=545"}], "source": {"discovery": "EXTERNAL"}, "title": "GetApps application has code execution vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "xiaomi", "product": "getapps_application", "cpes": ["cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "30.2.7.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T13:41:21.505287Z", "id": "CVE-2024-45346", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T20:42:58.880Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45346", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T13:41:21.505287Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:xiaomi:getapps_application:*:*:*:*:*:*:*:*"], "vendor": "xiaomi", "product": "getapps_application", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "30.2.7.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T13:44:57.859Z"}}], "cna": {"title": "GetApps application has code execution vulnerability", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xiaomi", "product": "GetApps application", "versions": [{"status": "affected", "changes": [{"at": "30.6.0.2", "status": "unaffected"}], "version": "GetApps application", "versionType": "custom", "lessThanOrEqual": "30.2.7.0"}], "defaultStatus": "affected"}], "datePublic": "2024-05-06T06:37:00.000Z", "references": [{"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=545"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(245, 247, 249);\">The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "shortName": "Xiaomi", "dateUpdated": "2025-03-27T06:53:40.971Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45346", "state": "PUBLISHED", "dateUpdated": "2025-04-08T20:42:58.880Z", "dateReserved": "2024-08-28T02:24:34.837Z", "assignerOrgId": "b57733aa-7326-4f07-8e09-0be8e0df1909", "datePublished": "2024-08-28T06:44:40.297Z", "assignerShortName": "Xiaomi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en el producto de aplicaci\u00f3n XiaomiGetApps. Esta vulnerabilidad se debe a que se omite la l\u00f3gica de verificaci\u00f3n y un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo malicioso."}], "id": "CVE-2024-45346", "lastModified": "2025-04-08T21:15:46.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@xiaomi.com", "type": "Secondary"}]}, "published": "2024-08-28T07:15:08.823", "references": [{"source": "security@xiaomi.com", "url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=545"}], "sourceIdentifier": "security@xiaomi.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@xiaomi.com", "type": "Secondary"}]}

{}