fkie_cve-2023-48419
Vulnerability from fkie_nvd
Published
2024-01-02 19:15
Modified
2024-11-21 08:31
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nest_audio_firmware | * | ||
| nest_audio | - | ||
| nest_mini_firmware | * | ||
| nest_mini | - | ||
| home_mini_firmware | * | ||
| home_mini | - | ||
| home_firmware | * | ||
| home | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:nest_audio_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BC3E49C-7958-4995-9507-4882EEF9A996",
"versionEndExcluding": "2.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nest_audio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "566C3508-EEDB-44CB-8C55-AED0C9EF4BAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:nest_mini_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBE76DC-96AA-4398-8C62-140D8A7E40D1",
"versionEndExcluding": "2.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nest_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D380EB7-288F-420B-A971-CBDF91AEE8BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:home_mini_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC3FE7F-F34F-4555-A76C-D2BA93206776",
"versionEndExcluding": "2.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:home_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A73E1447-91E8-42AC-9E24-E4CCB4AAA444",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:home_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "779FBB09-6F51-4FB3-873F-A6164E56D6F5",
"versionEndExcluding": "2.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:home:-:*:*:*:*:*:*:*",
"matchCriteriaId": "432EEFBF-0A5C-4271-A192-E25E60838844",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege\u00a0\n"
},
{
"lang": "es",
"value": "Un atacante en las proximidades wifi de un Google Home objetivo puede espiar a la v\u00edctima, lo que resulta en una elevaci\u00f3n de privilegios."
}
],
"id": "CVE-2023-48419",
"lastModified": "2024-11-21T08:31:40.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "dsap-vuln-management@google.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-02T19:15:11.280",
"references": [
{
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.google.com/product-documentation/answer/14273332?hl=en\u0026ref_topic=12974021\u0026sjid=4533873659772963473-NA#zippy=%2Cspeakers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.google.com/product-documentation/answer/14273332?hl=en\u0026ref_topic=12974021\u0026sjid=4533873659772963473-NA#zippy=%2Cspeakers"
}
],
"sourceIdentifier": "dsap-vuln-management@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "dsap-vuln-management@google.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…