CVE-2022-24046

EPSS 7.42%
Veröffentlicht 18.02.2022 20:15:17
Zuletzt bearbeitet 21.11.2024 06:49:43
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sonos ≫ S1 Version < 11.2.13

Sonos ≫ One Version-

Sonos ≫ S2 Version < 3.4.1

Sonos ≫ One Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.42%	0.913

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C
zdi-disclosures@trendmicro.com	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://www.zerodayinitiative.com/advisories/ZDI-22-260/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2022-24046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-24046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-24046

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-24046