CVE-2023-0036 | platform_callback_stub in misc subsystem has an authentication bypass vulnerability which allows an "SA relay attack".
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
Conclusion & alert: CVE-2023-0036 is rated Low Risk (28.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.18%).Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-0036
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).