CVE-2023-6318

Published Apr 9, 2024

Last updated 3 months ago

CVSS critical 9.1

Overview

Description: A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability. Full versions and TV models affected: * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA
Source: cve-requests@bitdefender.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

cve-requests@bitdefender.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:webos:5.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60222A18-12F9-4A88-8F06-FB7C5EC8B453"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:oled55cxpua:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8735748A-192A-4CBD-A596-1604940B9F3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:webos:6.3.3-442:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5BAD119-46CA-4E42-9976-CE33CBBFE00A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:oled48c1pub:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6CD5B994-8D07-49D5-967C-9C7DFD9DABFD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lg:webos:7.3.1-43:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D024759-5D9D-405A-9BB7-8F8FEE904100"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lg:oled55a23la:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FE4C787C-2EC8-4D3E-B3CA-49472E638A68"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References