Lucene search

Google_DevicesCVE-2023-48424

HistoryDec 11, 2023 - 6:15 a.m.

CVE-2023-48424

2023-12-1106:15:42

Google_Devices

web.nvd.nist.gov

u-boot

shell

vulnerability

privilege escalation

production device

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

26.2%

JSON

U-Boot shell vulnerability resulting in Privilege escalation in a production device

Affected configurations

Nvd

Node

googlechromecast_firmwareRange<2023-10-01

AND

googlechromecastMatch-

VendorProductVersionCPE
googlechromecast_firmware*cpe:2.3:o:google:chromecast_firmware:*:*:*:*:*:*:*:*
googlechromecast-cpe:2.3:h:google:chromecast:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chromecast_firmware	*	cpe:2.3:o:google:chromecast_firmware::::::::
google	chromecast	-	cpe:2.3:h:google:chromecast:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Android",
    "vendor": "Google",
    "versions": [
      {
        "status": "affected",
        "version": "Android SoC"
      }
    ]
  }
]

References

source.android.com/docs/security/bulletin/chromecast/2023-12-01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

26.2%

JSON

Related for CVE-2023-48424