CVE-2024-23922
Essential information
- Published
- 23/09/2024 15:15
- Modified
- 30/09/2024 15:37
- Author
- —
- Creator
- —
- CVSS
- 6.8 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- PHYSICAL
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. An attacker can leverage this vulnerability to execute code in the context of the device.
Was ZDI-CAN-22939
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| sony / xav-ax5500 firmware | cpe:2.3:o:sony:xav-ax5500_firmware:1.13:*:*:*:*:*:*:* |
| sony / xav-ax5500 | cpe:2.3:h:sony:xav-ax5500:-:*:*:*:*:*:*:* |