David Berard

**Name of the Vulnerable Software and Affected Versions** Tesla Model 3 (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this issue. The specific flaw exists within the bcmdhd driver, resulting from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of the kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tesla Model 3 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected vehicles. The flaw exists within the handling of firmware updates, resulting from improper error-handling during the update process. An attacker can leverage this issue to execute code in the context of Tesla's Gateway ECU. The attacker must first obtain the ability to execute privileged code on the Tesla infotainment system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tesla Model 3 (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this issue. The specific flaw exists within the bsa server process, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this issue to execute code in the context of an unprivileged user in a sandboxed process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sonos One Speaker versions prior to 3.4.1 (S2 systems) Sonos One Speaker versions prior to 11.2.13 build 57923290 (S1 systems) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the ALAC audio codec, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this issue to execute code in the context of root. **Recommendations** For versions prior to 3.4.1 (S2 systems), update to version 3.4.1 or later. For versions prior to 11.2.13 build 57923290 (S1 systems), update to version 11.2.13 build 57923290 or later. As a temporary workaround, consider disabling the ALAC audio codec until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Lexmark devices (affected versions not specified) **Description** The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the "out of service erase" feature. This issue may be related to an unprotected API, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lexmark devices (affected versions not specified) **Description** The issue is related to an embedded web server command injection vulnerability. This vulnerability was identified in Lexmark devices through 2021-12-07. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell EMC ScaleIO versions prior to 2.5 **Description** The issue concerns improper restriction of excessive authentication attempts on the Light installation Agent (LIA), a component used for central management of ScaleIO nodes and deployed on every server in the ScaleIO cluster. A remote malicious user with network access to LIA could potentially exploit this to launch brute force guessing of user names and passwords of user accounts on the LIA. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dell EMC ScaleIO versions prior to 2.5 **Description** The issue arises from improper handling of certain packet data in the MDM service, allowing a remote attacker to potentially send crafted packet data that could cause the MDM service to crash. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** EMC ScaleIO version 2.0.1.x **Description** An issue was discovered where a support script in a Linux environment saves the credentials of the ScaleIO MDM user in clear text in temporary log files. These temporary files may be read by an unprivileged user with access to the server to recover exposed credentials. **Recommendations** For EMC ScaleIO version 2.0.1.x, consider restricting access to the temporary log files generated by the support script to prevent unauthorized users from reading the exposed credentials. As a temporary workaround, restrict access to the server where the script was executed to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.