CVE-2023-51427

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: Dec 29, 2023 / Updated: 10mo ago

CVSS 4.6 / EPSS 0.04% / Medium

Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

Timeline

CVE Assignment

NVD published the first details for CVE-2023-51427

Dec 28, 2023 at 8:15 PM

First Article

Feedly found the first article mentioning CVE-2023-51427.

Dec 29, 2023 at 4:21 AM / National Vulnerability Database

EPSS

EPSS Score was set to: 0.04% (Percentile: 6.9%)

Jan 3, 2024 at 3:17 PM

Threat Intelligence Report

The vulnerability CVE-2023-51427 affects certain Honor products and is classified as a type confusion vulnerability. Successful exploitation of this vulnerability could lead to an information leak. As of now, there is no information provided regarding the criticality of the vulnerability, if it has been exploited in the wild, the availability of proof-of-concept exploits, mitigations, detections, patches, or any downstream impacts to third-party vendors or technology.

Jan 8, 2024 at 7:44 PM

Affected Systems

Hihonor/magic_os

Patches

www.hihonor.com

References

Type Confusion Vulnerability in Some Honor Products
For products that have released software updates to fix this vulnerability, Honor will release and update the Security Advisory. Some Honor products are affected by a type confusion vulnerability; successful exploitation could cause an information leak.
Vulnerability Summary for the Week of December 25, 2023 | CISA
security-advisories@github.com cacti — cacti Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler.
US-CERT Vulnerability Summary for the Week of January 1, 2024
[email protected] documize — documize SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. [email protected] cesanta — mjs An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.

News

Vulnerability Summary for the Week of January 1, 2024
High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info 7-card -- fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-12-31 8.8 CVE-2023-7183 cna@vuldb.com cna@vuldb.com cna@vuldb.com 7-card -- fakabao A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection.
US-CERT Vulnerability Summary for the Week of December 25, 2023
[email protected] cacti — cacti Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler.
CVE-2023-51427 | Honor Magic OS prior 7.0.0.129 type confusion
A vulnerability has been found in Honor Magic OS and classified as problematic. This vulnerability affects unknown code. The manipulation leads to type confusion. This vulnerability was named CVE-2023-51427. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability Impact: Low
