Vulnerability Details : CVE-2023-33248
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.
Products affected by CVE-2023-33248
Exploit prediction scoring system (EPSS) score for CVE-2023-33248
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H |
2.1
|
5.5
|
NIST |
References for CVE-2023-33248
-
https://cios2023.org/papers
International Conference on Cloud, IoT and Security (CIOS 2023)Third Party Advisory
-
https://github.com/reveondivad/nuance
GitHub - reveondivad/nuance: Hardware and software matrix updated for near ultrasonic attack testingExploit;Third Party Advisory
-
https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf
Exploit;Technical Description;Third Party Advisory
-
https://arxiv.org/abs/2305.10358
[2305.10358] NUANCE: Near Ultrasound Attack On Networked Communication EnvironmentsThird Party Advisory
-
https://youtu.be/3gEc5ZFWIWo
Nuance Near Ultrasound Attack on Networked Communication Environments - YouTubeExploit;Technical Description;Third Party Advisory
-
https://sites.google.com/view/nuitattack/home
NUIT AttackThird Party Advisory
Jump to