Lucene search

HonorCVE-2023-23431

HistoryDec 29, 2023 - 2:15 a.m.

CVE-2023-23431

2023-12-2902:15:43

CWE-347

Honor

web.nvd.nist.gov

nvd

cve-2023-23431

honor products

signature management

vulnerability

file overwrite

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

Affected configurations

Nvd

Node

hihonornth-an00_firmwareRange<7.0.0.157

AND

hihonornth-an00Match-

VendorProductVersionCPE
hihonornth-an00_firmware*cpe:2.3:o:hihonor:nth-an00_firmware:*:*:*:*:*:*:*:*
hihonornth-an00-cpe:2.3:h:hihonor:nth-an00:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hihonor	nth-an00_firmware	*	cpe:2.3:o:hihonor:nth-an00_firmware::::::::
hihonor	nth-an00	-	cpe:2.3:h:hihonor:nth-an00:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NTH-AN00",
    "vendor": "Honor",
    "versions": [
      {
        "lessThan": " 7.0.0.157",
        "status": "affected",
        "version": " 7.0.0.138",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hihonor.com/global/security/cve-2023-23431/

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

6.8

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-23431