CVE-2024-8357
Dec. 11, 2024, 4:05 a.m.
Tags
CVSS Score
Products Impacted
Vendor | Product | Versions |
---|---|---|
visteon |
|
|
Description
Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-23759.
Weaknesses
CWE-1326
Missing Immutable Root of Trust in Hardware
A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.
CWE ID: 1326Date
Published: Nov. 22, 2024, 10:15 p.m.
Last Modified: Dec. 11, 2024, 4:05 a.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
zdi-disclosures@trendmicro.com
CPEs
Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
---|---|---|---|---|---|---|---|---|---|---|
a | visteon | infotainment | cmu150_na_74.00.324a | / | / | / | / | / | / | / |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H