Lucene search

HonorCVELIST:CVE-2023-23433

HistoryDec 29, 2023 - 1:49 a.m.

CVE-2023-23433

2023-12-2901:49:15

CWE-347

Honor

www.cve.org

honor products

signature management

vulnerability

system file overwrite

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NTH-AN00",
    "vendor": "Honor",
    "versions": [
      {
        "lessThan": "7.0.0.157",
        "status": "affected",
        "version": "7.0.0.138",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hihonor.com/global/security/cve-2023-23433/

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-23433