Summaryinfo

A vulnerability, which was classified as critical, has been found in Honor Magic OS. Impacted is an unknown function. Performing a manipulation results in privileges management. This vulnerability was named CVE-2023-23427. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability was found in Honor Magic OS. It has been classified as problematic. This affects an unknown functionality. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on availability. The summary by CVE is:

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

The weakness was presented 12/29/2023. It is possible to read the advisory at hihonor.com. This vulnerability is uniquely identified as CVE-2023-23427 since 01/12/2023. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

Upgrading to version 7.1.0.74 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• Honor

Name

• Magic OS

Version

• 7.0.0.129
• 7.0.0.156
• 7.0.0.158
• 7.0.0.193

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion