PT-2023-29219 · Home Assistant · Home Assistant Companion

Pwntester

Publicado

2023-10-19

Atualizado

2023-10-26

CVE-2023-44385

CVSS v3.1

8.6

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Home Assistant Companion for iOS and macOS versions up to 2023.4

Description The issue allows attackers to send malicious links or QRs to victims, which can lead to calling arbitrary services in their Home Assistant installation. This can result in full compromise and remote code execution (RCE) when combined with other security advisories.

Recommendations For versions up to 2023.4, upgrade to version 2023.7 to address this issue. At the moment, there is no information about other workarounds for this vulnerability.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2023-44385

GHSA-H2JP-7GRC-9XPP

Produtos afetados

Home Assistant Companion

PT-2023-29219 · Home Assistant · Home Assistant Companion

CVE-2023-44385

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7