Summaryinfo

A vulnerability classified as critical was found in Honor Magic OS. This issue affects some unknown processing. Such manipulation leads to privileges management. This vulnerability is uniquely identified as CVE-2023-23429. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Detailsinfo

A vulnerability was found in Honor Magic OS and classified as problematic. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a privileges management vulnerability. Using CWE to declare the problem leads to CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Impacted is availability. CVE summarizes:

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

The weakness was disclosed 12/29/2023. The advisory is available at hihonor.com. This vulnerability is handled as CVE-2023-23429 since 01/12/2023. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.

Upgrading to version 7.0.0.193 eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Honor

Name

• Magic OS

Version

• 7.0.0.129
• 7.0.0.156
• 7.0.0.158

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion