Sign-up

ID

VAR-202401-0701


CVE

CVE-2023-48419


TITLE

plural  Google  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2023-024616

DESCRIPTION

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege  . nest audio firmware, nest mini firmware, home mini firmware etc. Google There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-48419 // JVNDB: JVNDB-2023-024616 // VULMON: CVE-2023-48419

AFFECTED PRODUCTS

vendor:googlemodel:nest miniscope:ltversion:2.58

Trust: 1.0

vendor:googlemodel:homescope:ltversion:2.58

Trust: 1.0

vendor:googlemodel:nest audioscope:ltversion:2.58

Trust: 1.0

vendor:googlemodel:home miniscope:ltversion:2.58

Trust: 1.0

vendor:googlemodel:nest miniscope: - version: -

Trust: 0.8

vendor:googlemodel:home miniscope: - version: -

Trust: 0.8

vendor:googlemodel:homescope: - version: -

Trust: 0.8

vendor:googlemodel:nest audioscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-024616 // NVD: CVE-2023-48419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-48419
value: CRITICAL

Trust: 1.0

dsap-vuln-management@google.com: CVE-2023-48419
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-48419
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2023-48419
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

dsap-vuln-management@google.com: CVE-2023-48419
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-48419
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-024616 // NVD: CVE-2023-48419 // NVD: CVE-2023-48419

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-024616 // NVD: CVE-2023-48419

EXTERNAL IDS

db:NVDid:CVE-2023-48419

Trust: 2.7

db:JVNDBid:JVNDB-2023-024616

Trust: 0.8

db:VULMONid:CVE-2023-48419

Trust: 0.1

sources: VULMON: CVE-2023-48419 // JVNDB: JVNDB-2023-024616 // NVD: CVE-2023-48419

REFERENCES

url:https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-na#zippy=%2cspeakers

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-48419

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-48419 // JVNDB: JVNDB-2023-024616 // NVD: CVE-2023-48419

SOURCES

db:VULMONid:CVE-2023-48419
db:JVNDBid:JVNDB-2023-024616
db:NVDid:CVE-2023-48419

LAST UPDATE DATE

2024-08-14T14:09:36.795000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-48419date:2024-01-02T00:00:00
db:JVNDBid:JVNDB-2023-024616date:2024-02-01T02:48:00
db:NVDid:CVE-2023-48419date:2024-01-09T15:36:14.850

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-48419date:2024-01-02T00:00:00
db:JVNDBid:JVNDB-2023-024616date:2024-02-01T00:00:00
db:NVDid:CVE-2023-48419date:2024-01-02T19:15:11.280