CVE-2024-8359

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Nov 22, 2024
Updated: Dec 11, 2024
CWE ID 78

Summary

CVE-2024-8359 is a remote code execution vulnerability affecting Visteon Infotainment systems. The issue lies in the REFLASH_DDU_FindFile function where a crafted software update file can trigger execution of a maliciously constructed system call. attackers who have physical access to the systems can exploit this vulnerability without requiring authentication. Consequently, they can execute arbitrary code in the context of the device. This vulnerability was reported to Zero Day Initiative as ZDI-CAN-23420.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Visteon Infotainment

Affected Vendors

  • Visteon Corp.