CVE-2024-8357
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-8357 is a local privilege escalation vulnerability affecting Visteon Infotainment systems. The issue arises from the absence of an immutable root of trust in the hardware configuration of the application system-on-chip (SoC). This vulnerability enables attackers to bypass the existing authentication mechanism and escalate privileges, ultimately gaining the ability to execute arbitrary code during the boot process. Although authentication is required to exploit this weakness, the authentication mechanism itself can be bypassed. This vulnerability, originally identified as ZDI-CAN-23759, poses a significant risk to affected installations.
Affected Products
- Visteon Infotainment
Affected Vendors
- Visteon Corp.