CVE-2023-6317

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6317
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.  Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB   webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
https://lgsecurity.lge.com/bulletins/tv#updateDetails
Configurations

No configuration.

History

18 Apr 2024, 08:15

Type Values Removed Values Added
References
  • () https://lgsecurity.lge.com/bulletins/tv#updateDetails -
Summary
  • (es) Existe una omisión rápida en el servicio secondscreen.gateway que se ejecuta en webOS versión 4 a 7. Un atacante puede crear una cuenta privilegiada sin pedirle al usuario el PIN de seguridad. Versiones completas y modelos de TV afectados: webOS 4.9.7 - 5.30.40 ejecutándose en LG43UM7000PLA webOS 5.5.0 - 04.50.51 ejecutándose en OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 ejecutándose en OLED48C1PUB webOS 7.3. 1-43 (mullet-mebin) - 33.03.85 ejecutándose en OLED55A23LA

09 Apr 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-09 14:15

Updated : 2024-04-18 08:15

NVD link : CVE-2023-6317

Mitre link : CVE-2023-6317

CVE.ORG link : CVE-2023-6317

JSON object : View

Products Affected

No product.

CWE
CWE-639

Authorization Bypass Through User-Controlled Key