CVE-2024-8356
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published: Nov 22, 2024
Updated: Dec 11, 2024
CWE ID 345
Summary
CVE-2024-8356 is a local privilege escalation vulnerability affecting Visteon Infotainment systems. The flaw, which is similar to ZDI-CAN-23758, lies within the firmware update process of the VIP microcontroller. An attacker must initially gain the ability to execute low-privileged code on the target system to exploit this vulnerability. The vulnerability arises from insufficient validation of data authenticity during the firmware update process, enabling an attacker to escalate privileges and execute arbitrary code in the context of the VIP MCU.
Affected Products
- Visteon Infotainment
Affected Vendors
- Visteon Corp.