Login Sign Up

CVE-2023-1691

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability involves improper exception handling in Huawei's communication framework, allowing attackers to trigger abnormal behavior in affected features. It affects Huawei devices running HarmonyOS and certain Android-based EMUI systems. Successful exploitation could disrupt functionality or potentially lead to denial of service.

💻 Affected Systems

Products:
  • Huawei smartphones
  • Huawei tablets
  • Huawei wearables
Versions: HarmonyOS versions before specific security patches in July 2023
Operating Systems: HarmonyOS, Android-based EMUI
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the vulnerable communication framework components. Specific models and exact version ranges should be verified via Huawei security bulletins.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

Harmonyos by Huawei

View all CVEs affecting Harmonyos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete disruption of communication features leading to denial of service, potentially affecting device stability and core functionality.

🟠

Likely Case

Partial feature degradation or temporary service interruption in communication-related functions.

🟢

If Mitigated

Minimal impact with proper exception handling and monitoring in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering specific conditions in the communication framework. No public exploits have been reported as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security patches released in July 2023

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2023/7/

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install the latest security patch from July 2023 or later. 3. Restart the device after installation.

🔧 Temporary Workarounds

Disable unnecessary communication features

all

Temporarily disable non-essential communication services to reduce attack surface

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement network monitoring for abnormal communication patterns

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number

Check Version:

Settings > About phone > Build number (no CLI command available)

Verify Fix Applied:

Verify security patch date is July 2023 or later in device settings

📡 Detection & Monitoring

Log Indicators:

  • Unexpected communication framework crashes
  • Exception stack traces in system logs

Network Indicators:

  • Abnormal communication patterns from affected devices

SIEM Query:

device_logs WHERE message CONTAINS 'communication framework exception' OR message CONTAINS 'CVE-2023-1691'

📊 Metadata

CVE ID: CVE-2023-1691
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE: CWE-248
Published: July 6, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1691, you might also want to check these:

CVE-2024-42037 9.3

This vulnerability involves uncaught exceptions in the Graphics module that could allow attackers to...

Same vulnerability type (CWE-248)
CVE-2025-67647 9.1

SvelteKit versions 2.19.0 through 2.49.4 are vulnerable to server-side request forgery (SSRF) and de...

Same vulnerability type (CWE-248)
CVE-2023-20086 8.6

An unauthenticated remote attacker can send crafted ICMPv6 messages to Cisco ASA or FTD devices with...

Same vulnerability type (CWE-248)