CVE-2023-50810

{"id": "CVE-2023-50810", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.2}]}, "published": "2024-08-12T13:38:12.023", "references": [{"url": "https://www.sonos.com/en-us/security-advisory-2024-0001", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp."}, {"lang": "es", "value": "En ciertos productos Sonos anteriores a Sonos S1 versi\u00f3n 11.12 y S2 versi\u00f3n 15.9, existe una vulnerabilidad en el componente U-Boot del firmware que permite la ejecuci\u00f3n persistente de c\u00f3digo arbitrario con privilegios del kernel de Linux. Si no se maneja correctamente el valor de retorno del comando setenv, se puede utilizar para anular los par\u00e1metros de la l\u00ednea de comandos del kernel y, en \u00faltima instancia, omitir la implementaci\u00f3n de arranque seguro. Esto afecta a PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL y Amp."}], "lastModified": "2024-08-23T15:35:03.107", "sourceIdentifier": "[email protected]"}