CVE-2023-45593

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593

Configurations

No configuration.

History

21 Nov 2024, 08:27

Type	Values Removed	Values Added
References	~~() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593 -~~	() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593 -

17 Oct 2024, 10:15

Type	Values Removed	Values Added
Summary	(en) A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.	(en) A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

30 Sep 2024, 10:15

Type	Values Removed	Values Added
CWE	~~CWE-693~~	CWE-184
Summary		(es) Una vulnerabilidad CWE-693 de “Fallo del mecanismo de protección” en el navegador Chromium integrado (relacionada con el manejo de URL alternativas, distintas de “http://localhost” http://localhost”) permite a un atacante físico leer archivos arbitrarios en el archivo sistema, alterar la configuración del navegador integrado y tener otros impactos no especificados en la confidencialidad, integridad y disponibilidad del dispositivo. Este problema afecta: Paquete AiLux imx6 inferior a la versión imx6_1.0.7-2.
Summary	(en) A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.	(en) A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

05 Mar 2024, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-05 12:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45593

Mitre link : CVE-2023-45593

CVE.ORG link : CVE-2023-45593

JSON object : View

Products Affected

No product.

CWE

CWE-184

Incomplete List of Disallowed Inputs

6.8 /10