exploitDog

CVE-2022-24595

Опубликовано: 18 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required.

Ссылки

https://youtu.be/E-ZTuWSg-JU
Exploit
Third Party Advisory
https://youtu.be/E-ZTuWSg-JU
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:automotivelinux:kooky_koi:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.0.5 (включая)

EPSS

Процентиль: 86%

0.02717

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jgqg-v28q-jxgh

CVSS3: 9.8

github

почти 4 года назад

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required.

EPSS

Процентиль: 86%

0.02717

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other