CVE-2024-27350

Опубликовано: 26 фев. 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.

Ссылки

https://developer.amazon.com/docs/fire-tv/fire-os-overview.html
Product
https://news.ycombinator.com/item?id=39496861
Issue Tracking
https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/
Exploit
Press/Media Coverage
Third Party Advisory
https://developer.amazon.com/docs/fire-tv/fire-os-overview.html
Product
https://news.ycombinator.com/item?id=39496861
Issue Tracking
https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/
Exploit
Press/Media Coverage
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*

Версия от 7 (включая) до 7.6.6.9 (исключая)

cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*

Версия от 8 (включая) до 8.1.0.3 (исключая)

EPSS

Процентиль: 15%

0.0005

Низкий

5.9 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-f49h-mjwq-cq8p