Lucene search

HonorCVELIST:CVE-2023-23432

HistoryDec 29, 2023 - 1:20 a.m.

CVE-2023-23432

2023-12-2901:20:05

CWE-347

Honor

www.cve.org

honor products

signature management

vulnerability

system file overwrite

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NTH-AN00",
    "vendor": "Honor",
    "versions": [
      {
        "lessThan": "7.0.0.157",
        "status": "affected",
        "version": "7.0.0.138",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hihonor.com/global/security/cve-2023-23432/

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-23432