CVE-2023-48248
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Jan 10, 2024
Updated: Jan 17, 2024
CWE ID 79
Summary
CVE-2023-48248 is a newly disclosed vulnerability that enables authenticated attackers to upload malicious files to an SD card. These malicious files can contain client-side script code that is executed within a victim's session. An attacker can exploit this issue through a crafted URL, an HTTP request, or even by waiting for the victim to view the poisoned file. This vulnerability poses a significant risk as it allows for code injection and potential session hijacking.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Bosch