How severe is CVE-2024-23972?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-23972?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-23972 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23185

Related Vulnerabilities

CVE-2009-4067

MEDIUM

CVSS:6.8(Medium)

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of ...

CWE-1202009

CVE-2014-8271

MEDIUM

CVSS:6.8(Medium)

Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.

CWE-1202014

CVE-2017-18707

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

CWE-1202017

CVE-2017-18770

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.

CWE-1202017

CVE-2018-17773

MEDIUM

CVSS:6.8(Medium)

Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

CWE-1202018

CVE-2018-21151

MEDIUM

CVSS:6.8(Medium)

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 bef...

CWE-1202018