← volver
CVE-2023-23299

CVE-2023-23299

EPSS 0.8%CWE-863
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
23 may 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://developer.garmin.com/connect-iq/core-topics/manifest-and-permissions/https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23299.md