MidnightBSD

Advisories for hihonor

CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L 3.9 2.5

Products Affected

Vendor Product Version
hihonor nth-an00_firmware *
CVE-2023-23426

Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L 1.8 4.7
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor fri-an00_firmware *
CVE-2023-23427

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23428

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23429

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.5 1.4
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23430

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
hihonor magichome *
CVE-2023-23431

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
3836d913-7555-4dd0-a509-f5667fdf5fe4 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.5 4.7

Products Affected

Vendor Product Version
hihonor nth-an00_firmware *
CVE-2023-23432

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H 2.5 4.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
hihonor nth-an00_firmware *
CVE-2023-23433

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
hihonor nth-an00_firmware *
CVE-2023-23434

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.5 1.4

Products Affected

Vendor Product Version
hihonor honorboardapp *
CVE-2023-23435

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23436

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 2.5 4.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23437

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor vmall *
CVE-2023-23438

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 2.5 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor lge-an00_firmware *
CVE-2023-23439

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor lge-an00_firmware *
CVE-2023-23440

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
hihonor lge-an00_firmware *
CVE-2023-23441

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0

Products Affected

Vendor Product Version
hihonor magic_ui *
CVE-2023-23442

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
honor magicos *
hihonor magic_os *
CVE-2023-23443

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
hihonor magic_os *
CVE-2023-51426

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7

Products Affected

Vendor Product Version
hihonor magic_os *
CVE-2023-51427

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7

Products Affected

Vendor Product Version
hihonor magic_os *
CVE-2023-51428

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L 1.5 2.7
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2

Products Affected

Vendor Product Version
hihonor magic_os *
CVE-2023-51429

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N 1.5 4.0
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor magic_os *
CVE-2023-51430

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor magic_ui *
CVE-2023-51431

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
hihonor phoneservice *
CVE-2023-51432

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 3.2 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N 1.5 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
hihonor magic_ui *
CVE-2023-51433

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
3836d913-7555-4dd0-a509-f5667fdf5fe4 2.9 LOW CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 1.4 1.4

Products Affected

Vendor Product Version
hihonor magic_ui *
CVE-2023-51434

Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
3836d913-7555-4dd0-a509-f5667fdf5fe4 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
hihonor magic_ui *
CVE-2023-51435

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H 1.8 5.2
3836d913-7555-4dd0-a509-f5667fdf5fe4 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N 2.5 4.0

Products Affected

Vendor Product Version
hihonor magic_ui *
CVE-2023-6939

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
3836d913-7555-4dd0-a509-f5667fdf5fe4 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
hihonor magic_ui *