CVE-2023-27354
Published Apr 20, 2023
Last updated 2 years ago
Overview
- Description
- This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
- Severity
- MEDIUM
Weaknesses
- zdi-disclosures@trendmicro.com
- CWE-190
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sonos:one_firmware:70.3-35220:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EE4A7E8-95A0-494F-B183-0F89251A648F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sonos:one:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EDEFE769-D51B-4ED0-818F-DF1321164AA2"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonos:s1:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCD7FC41-7174-40FF-9F79-F6D1F886B35E",
"versionEndExcluding": "11.7.1"
},
{
"criteria": "cpe:2.3:a:sonos:s2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5071BA4F-7418-438F-8B5F-3956B18C7AD0",
"versionEndExcluding": "15.1"
}
],
"operator": "OR"
}
]
}
]