CVE-2024-8357
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-23759.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Visteon | Infotainment | cmu150_NA_74.00.324A | affected |
Weaknesses
- CWE-1326: CWE-1326: Missing Immutable Root of Trust in Hardware
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.