CVE-2023-23424

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.hihonor.com/global/security/cve-2023-23424/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hihonor:nth-an00_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hihonor:nth-an00:-:*:*:*:*:*:*:*

History

04 Jan 2024, 23:32

Type	Values Removed	Values Added
References	~~() https://www.hihonor.com/global/security/cve-2023-23424/ -~~	() https://www.hihonor.com/global/security/cve-2023-23424/ - Vendor Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 9.8
First Time		Hihonor nth-an00 Hihonor Hihonor nth-an00 Firmware
CPE		cpe:2.3:h:hihonor:nth-an00:-:::::::* cpe:2.3:o:hihonor:nth-an00_firmware::::::::

29 Dec 2023, 13:56

Type	Values Removed	Values Added
Summary		(es) Algunos productos Honor se ven afectados por una vulnerabilidad de escritura de archivos, una explotación exitosa podría provocar la ejecución del código

29 Dec 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-29 03:15

Updated : 2024-01-04 23:32

NVD link : CVE-2023-23424

Mitre link : CVE-2023-23424

CVE.ORG link : CVE-2023-23424

JSON object : View

Products Affected

hihonor

nth-an00_firmware
nth-an00

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-23424", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2023-12-29T03:15:08.843", "references": [{"url": "https://www.hihonor.com/global/security/cve-2023-23424/", "tags": ["Vendor Advisory"], "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "\nSome Honor products are affected by file writing vulnerability, successful exploitation could cause code execution\n\n"}, {"lang": "es", "value": "Algunos productos Honor se ven afectados por una vulnerabilidad de escritura de archivos, una explotaci\u00f3n exitosa podr\u00eda provocar la ejecuci\u00f3n del c\u00f3digo"}], "lastModified": "2024-01-04T23:32:25.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hihonor:nth-an00_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB281C2B-2AED-4E2D-8BF1-3D3BFB8EB16B", "versionEndExcluding": "7.0.0.120\\(c00e120r8p2\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hihonor:nth-an00:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A086FF80-9CB7-4590-9025-B8757B64E358"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4"}