Cyber Resilience

CVE-2022-24046

High

Published: 18 February 2022

Published
18 February 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0742 91.9th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-24046 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Sonos S1. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

This vulnerability is an integer underflow, tracked as CWE-191, in the anacapd daemon of Sonos One Speakers. It affects all S2 systems prior to version 3.4.1 and all S1 systems prior to version 11.2.13 build 57923290, and stems from missing validation of user-supplied data that can corrupt memory before a write operation occurs. The flaw carries a CVSS 3.1 score of 8.8.

Network-adjacent attackers can exploit the issue without authentication or user interaction to execute arbitrary code in the root context on affected devices. The attack surface is limited to the local network segment because of the adjacent-network attack vector.

The Zero Day Initiative advisories ZDI-22-260 and ZDI-CAN-15828 identify the issue and indicate that the vendor has released the firmware versions listed above to resolve it. The EPSS score has remained flat at 0.0742 with no material increase since disclosure.

EU & UK References

Vulnerability details

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within…

more

the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

sonos
s1
≤ 11.2.13
sonos
s2
≤ 3.4.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References