CVE-2023-33248
Published: 24 May 2023
Summary
CVE-2023-33248 is a high-severity an unspecified weakness vulnerability in Amazon Echo Dot. Its CVSS base score is 7.6 (High).
Operationally, ranked in the top 39.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-37416
Vulnerability details
Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at…
more
these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.