CVE-2024-8357

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Dec 11, 2024
CWE ID 1326

Summary

CVE-2024-8357 is a local privilege escalation vulnerability affecting Visteon Infotainment systems. The issue arises from the absence of an immutable root of trust in the hardware configuration of the application system-on-chip (SoC). This vulnerability enables attackers to bypass the existing authentication mechanism and escalate privileges, ultimately gaining the ability to execute arbitrary code during the boot process. Although authentication is required to exploit this weakness, the authentication mechanism itself can be bypassed. This vulnerability, originally identified as ZDI-CAN-23759, poses a significant risk to affected installations.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Visteon Infotainment

Affected Vendors

  • Visteon Corp.