Insufficient verification of data authenticity in XAV-AX5500 - CVE-2024-23922

 


Published: June 24, 2024 / Updated: June 24, 2024


Vulnerability identifier: #VU93089
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23922
CWE-ID: CWE-345
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Sony Corporation
Affected software:
XAV-AX5500

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to the lack of proper validation of software update packages. An attacker with physical access can execute arbitrary code on the target device.


How to mitigate CVE-2024-23922

Install updates from the vendor's website.
