CVE-2023-23436 – This vulnerability in some Honor products allow... (How to Fix)

Q: What is the severity of CVE-2023-23436?

CVE-2023-23436 has a CVSS score of 7.3 (HIGH). This vulnerability in some Honor products allows attackers to forge system files and overwrite legitimate ones due to improper signature verification. It affects Honor device users who haven't applied security updates. Successful exploitation could lead to system compromise.

📋 TL;DR

This vulnerability in some Honor products allows attackers to forge system files and overwrite legitimate ones due to improper signature verification. It affects Honor device users who haven't applied security updates. Successful exploitation could lead to system compromise.

💻 Affected Systems

Products:

Honor smartphones and tablets (specific models not detailed in CVE)

Versions: Specific affected versions not detailed in CVE description

Operating Systems: Android-based Honor Magic UI

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable signature verification implementation

📦 What is this software?

Magicos by Honor

View all CVEs affecting Magicos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing installation of malicious firmware, data theft, or device bricking

🟠

Likely Case

System instability, unauthorized system modifications, or privilege escalation

🟢

If Mitigated

Limited impact with proper signature verification and file integrity checks

🌐 Internet-Facing: LOW (requires local access or physical proximity to device)

🏢 Internal Only: MEDIUM (could be exploited by malicious insiders or compromised internal systems)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires ability to forge system files and bypass signature checks

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Honor security updates for your specific device model

Vendor Advisory: https://www.hihonor.com/global/security/cve-2023-23436/

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install latest security update. 3. Restart device. 4. Verify update applied successfully.

🔧 Temporary Workarounds

Disable developer options and USB debugging

android

Prevents unauthorized system modifications via USB connections

Settings > System > Developer options > Toggle off

Enable verified boot

android

Ensures only signed system images can boot

Settings > Security > Verify apps

🧯 If You Can't Patch

Restrict physical access to devices
Implement mobile device management (MDM) with strict security policies

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number

Check Version:

Settings > About phone > Build number

Verify Fix Applied:

Verify security patch date is after vulnerability disclosure (March 2023)

📡 Detection & Monitoring

Log Indicators:

Unexpected system file modifications
Failed signature verification attempts
Unauthorized system update attempts

Network Indicators:

Unusual update server connections
Suspicious file transfers to device

SIEM Query:

Device logs showing system file modifications outside of authorized update processes

📊 Metadata

CVE ID: CVE-2023-23436

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE: CWE-347

Published: December 29, 2023

Last Updated: January 27, 2026

🔗 References

https://www.hihonor.com/global/security/cve-2023-23436/ Vendor Advisory
https://www.hihonor.com/global/security/cve-2023-23436/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-23436, you might also want to check these: