CVE-2023-50810

MEDIUM Year: 2023
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp.

Related Vulnerabilities

CVE-2021-33493

MEDIUM
CVSS:6.0(Medium)

The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.

CWE-942021

CVE-2022-23426

MEDIUM
CVSS:6.0(Medium)

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.

CWE-942022

CVE-2023-1367

MEDIUM
CVSS:6.0(Medium)

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CWE-942023

CVE-2024-20359

MEDIUM
CVSS:6.0(Medium)

A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower T...

CWE-942024

CVE-2024-29209

MEDIUM
CVSS:6.0(Medium)

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine....

CWE-942024

CVE-2024-32404

MEDIUM
CVSS:6.0(Medium)

Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.

CWE-942024