CVE-2023-27352

2023-04-2000:00:00

CWE-416

zdi

www.cve.org

network-adjacent attackers

arbitrary code execution

sonos one speaker

smb directory query

lack of validation

root context

zdi-can-19845

cve-2023-27352

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.8%

JSON

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.

CNA Affected

[
  {
    "vendor": "Sonos",
    "product": "One Speaker",
    "versions": [
      {
        "version": "70.3-35220",
        "status": "affected"
      }
    ]
  }
]