Incorrect Privilege Assignment in Some Honor Products

Security Advisory – Incorrect Privilege Assignment in Some Honor Products

1.Summary

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2023-23432

For products that have released software updates to fix this vulnerability, Honor will release and update the Security Advisory.

2. Software Versions and Fixes

Product Name	Resolved Product and Version
NTH-AN00	7.0.0.157

3. Impact

Successful exploitation could cause the forged system file overwrite the correct system file.

4.Obtaining Fixed Software

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.

5. Revision History

2022-12-06 V1.0 INITIAL

6. Acknowledgement

Zhang Qing from Bytedance&BaiGuang dong&Wang Kailong

7.Honor Security Procedures

Honor adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy obtain Honor product vulnerability information, please visit https://www.honor.com/in/security/

ABOUT HONOR

Events