Lucene search

BitdefenderCVELIST:CVE-2023-1385

HistoryMay 03, 2023 - 12:33 p.m.

CVE-2023-1385

2023-05-0312:33:31

CWE-330

Bitdefender

www.cve.org

cve-2023-1385

jpake

pin brute-forcing

initialization

unauthorized authentication

amazon fire tv stick

insignia tv

fireos

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.

This issue affects:

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Fire TV Stick 3rd gen",
    "vendor": "Amazon",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.9.4"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TV with FireOS ",
    "vendor": "Insignia",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.3.2"
      }
    ]
  }
]

References

www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for CVELIST:CVE-2023-1385