CVE-2023-1383

Опубликовано: 03 мая 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 4.3

EPSS Низкий

Описание

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.

This issue affects:

Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.

Ссылки

https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/
Third Party Advisory
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*

Версия до 6.2.9.5 (исключая)

cpe:2.3:h:amazon:fire_tv_stick_3rd_gen:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*

Версия до 7.6.3.3 (исключая)

cpe:2.3:h:bestbuy:insignia_tv:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-841

NVD-CWE-Other

Связанные уязвимости

GHSA-j72m-jwmc-pqv8

CVSS3: 5.4

github

почти 3 года назад

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.

EPSS

Процентиль: 24%

0.00081

Низкий

5.4 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-841

NVD-CWE-Other