CVE-2023-45593

A CWE-184 Incomplete List of Disallowed Inputs vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than  http://localhost ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NozomiCNA
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
ailuximx6_bundle
𝑥
< 1.0.7-2
ailuximx6
𝑥
< 1.0.7-2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593