CVE-2022-25809

Опубликовано: 24 фев. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 9

EPSS Низкий

Описание

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.

Ссылки

https://arxiv.org/abs/2202.08619
Exploit
Technical Description
Third Party Advisory
https://arxiv.org/abs/2202.08619
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:amazon:echo_dot_firmware:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:amazon:echo_dot:3.0:*:*:*:*:*:*:*

cpe:2.3:h:amazon:echo_dot:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07447

Низкий

9.8 Critical

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-pp6c-vpf6-h727