CVE-2024-8359
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Nov 22, 2024
Updated: Dec 11, 2024
CWE ID 78
Summary
CVE-2024-8359 is a remote code execution vulnerability affecting Visteon Infotainment systems. The issue lies in the REFLASH_DDU_FindFile function where a crafted software update file can trigger execution of a maliciously constructed system call. attackers who have physical access to the systems can exploit this vulnerability without requiring authentication. Consequently, they can execute arbitrary code in the context of the device. This vulnerability was reported to Zero Day Initiative as ZDI-CAN-23420.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Visteon Infotainment
Affected Vendors
- Visteon Corp.