fkie_cve-2023-45593
Vulnerability from fkie_nvd
Published
2024-03-05 12:15
Modified
2025-04-10 20:24
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
References
prodsec@nozominetworks.comhttps://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593Third Party Advisory
Impacted products
Vendor Product Version
ailux imx6 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AC8BA0D-1588-4072-8BEA-464B1E76AF80",
              "versionEndExcluding": "1.0.7-2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-184 \u201cIncomplete List of Disallowed Inputs\u201d vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than \u201c http://localhost\u201d ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad CWE-693 de \u201cFallo del mecanismo de protecci\u00f3n\u201d en el navegador Chromium integrado (relacionada con el manejo de URL alternativas, distintas de \u201chttp://localhost\u201d http://localhost\u201d) permite a un atacante f\u00edsico leer archivos arbitrarios en el archivo sistema, alterar la configuraci\u00f3n del navegador integrado y tener otros impactos no especificados en la confidencialidad, integridad y disponibilidad del dispositivo. Este problema afecta: Paquete AiLux imx6 inferior a la versi\u00f3n imx6_1.0.7-2."
    }
  ],
  "id": "CVE-2023-45593",
  "lastModified": "2025-04-10T20:24:58.750",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "prodsec@nozominetworks.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-05T12:15:46.213",
  "references": [
    {
      "source": "prodsec@nozominetworks.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593"
    }
  ],
  "sourceIdentifier": "prodsec@nozominetworks.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-184"
        }
      ],
      "source": "prodsec@nozominetworks.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.