CVE-2023-51455

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Apr 2, 2024
CWE ID 129

Summary

CVE-2023-51455 is an Improper Validation of Array Index vulnerability that affects DJI drone devices running the v2_sdk_service on port 10000. The vulnerability resides in the libv2_sdk.so library used by the dji_vtwo_sdk binary, specifically in the on_receive_session_packet_ack function. This flaw allows an attacker to corrupt a controlled memory location due to missing input validation, potentially leading to a memory information leak or arbitrary code execution. The affected drone models include Mavic 3 Pro, Mavic 3, Mavic 3 Classic, Mavic 3 Enterprise, Matrice 300, Matrice M30, and Mini 3 Pro. To remediate this vulnerability, users should update their affected drone models to the specified firmware versions. This vulnerability poses a medium risk with high integrity and confidentiality impacts as it could allow attackers to gain unauthorized access to sensitive information or execute malicious code on the affected devices.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-51455 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options