CVE-2023-50810

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.sonos.com/en-us/security-advisory-2024-0001

Configurations

No configuration.

History

23 Aug 2024, 15:35

Type	Values Removed	Values Added
CWE		CWE-94
Summary		(es) En ciertos productos Sonos anteriores a Sonos S1 versión 11.12 y S2 versión 15.9, existe una vulnerabilidad en el componente U-Boot del firmware que permite la ejecución persistente de código arbitrario con privilegios del kernel de Linux. Si no se maneja correctamente el valor de retorno del comando setenv, se puede utilizar para anular los parámetros de la línea de comandos del kernel y, en última instancia, omitir la implementación de arranque seguro. Esto afecta a PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL y Amp.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.0

12 Aug 2024, 13:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2024-08-23 15:35

NVD link : CVE-2023-50810

Mitre link : CVE-2023-50810

CVE.ORG link : CVE-2023-50810

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

6.0 /10