CVE-2024-56952 - Vulnerability Details

An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

No data.

References

Link	Providers
https://github.com/ZhouZiyi1/Vuls/blob/main/241217-BaiduLite/241217-BaiduLite.pdf

History

Tue, 28 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-601 CWE-922
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 27 Jan 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.
References		https://github.com/ZhouZiyi1/Vuls/blob/main/241217-BaiduLite/241217-BaiduLite.pdf

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-01-27T00:00:00.000Z

Updated: 2025-01-28T19:43:09.636Z

Reserved: 2025-01-09T00:00:00.000Z

Link: CVE-2024-56952

Vulnrichment

Updated: 2025-01-28T14:49:07.651Z

NVD

Status : Awaiting Analysis

Published: 2025-01-27T19:15:16.697

Modified: 2025-01-28T20:15:52.250

Link: CVE-2024-56952

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object