Cyber Resilience

CVE-2023-33248

High · Public PoC

Published: 24 May 2023

Modified: 16 January 2025
KEV Added
Patch
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H)
EPSS Score: 0.0039 (60.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-33248 is a high-severity vulnerability of an unspecified weakness type in Amazon Echo Dot. Its CVSS base score is 7.6 (High).

Operationally, it ranks in the top 39.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

amazon / alexa / 8960323972

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References