exploitDog

CVE-2023-45594

Опубликовано: 05 мар. 2024

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

Ссылки

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45594
Third Party Advisory
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45594
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*

Версия до 1.0.7-2 (исключая)

EPSS

Процентиль: 23%

0.00079

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-552

CWE-552

Связанные уязвимости

GHSA-x749-jjp7-3hjp

CVSS3: 6.8

github

почти 2 года назад

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

EPSS

Процентиль: 23%

0.00079

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-552

CWE-552