7.6

CVE-2023-33248

Exploit

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

Data is provided by the National Vulnerability Database (NVD)
AmazonAlexa Version8960323972
   AmazonEcho Dot Version- Edition2nd_gen
   AmazonEcho Dot Version- Edition3rd_gen
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.07% 0.221
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.6 2.1 5.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.6 2.1 5.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
https://arxiv.org/abs/2305.10358
Third Party Advisory
https://cios2023.org/papers
Third Party Advisory
https://github.com/reveondivad/nuance
Third Party Advisory
Exploit
https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf
Third Party Advisory
Exploit
Technical Description
https://youtu.be/3gEc5ZFWIWo
Third Party Advisory
Exploit
Technical Description