Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2023-33248
HistoryMay 24, 2023 - 10:15 p.m.

CVE-2023-33248

2023-05-2422:15:09
mitre
web.nvd.nist.gov
49
amazon
alexa
echo dot
software
vulnerability
audio signal
attack
security issue
nvd
cve-2023-33248

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

Affected configurations

Nvd
Node
amazonalexaMatch8960323972
AND
amazonecho_dotMatch-2nd_gen
OR
amazonecho_dotMatch-3rd_gen
VendorProductVersionCPE
amazonalexa8960323972cpe:2.3:o:amazon:alexa:8960323972:*:*:*:*:*:*:*
amazonecho_dot-cpe:2.3:h:amazon:echo_dot:-:*:2nd_gen:*:*:*:*:*
amazonecho_dot-cpe:2.3:h:amazon:echo_dot:-:*:3rd_gen:*:*:*:*:*

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2023-33248
2023-05-24 00:00:00
prion
prion
Design/Logic Flaw
2023-05-24 22:15:00
nvd
nvd
CVE-2023-33248
2023-05-24 22:15:09

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

22.9%

JSON
Related for CVE-2023-33248
cvelist1prion1nvd1