CVE-2024-8356

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published: Nov 22, 2024
Updated: Dec 11, 2024
CWE ID 345

Summary

CVE-2024-8356 is a local privilege escalation vulnerability affecting Visteon Infotainment systems. The flaw, which is similar to ZDI-CAN-23758, lies within the firmware update process of the VIP microcontroller. To exploit it, an attacker must first gain the ability to execute low-privileged code on the target system. The vulnerability arises from insufficient validation of data authenticity during the firmware update process, which lets an attacker escalate privileges and execute arbitrary code in the context of the VIP MCU.

Affected Products

  • Visteon Infotainment

Affected Vendors

  • Visteon Corp.