CVE-2024-8360
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 78
Summary
CVE-2024-8360 is a remote code execution vulnerability affecting Visteon Infotainment systems. This issue allows physically present attackers to inject malicious code into affected installations via a crafted software update file. The REFLASH_DDU_ExtractFile function contains the flaw, which enables an attacker to trigger a system call using a user-supplied string. Authentication is not required for exploitation, making this vulnerability a significant threat. The Zero Day Initiative has assigned it the identifier ZDI-CAN-23421.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Visteon Infotainment
Affected Vendors
- Visteon Corp.