Reporting Critical Security Flaws in Sonos One Speakers

Illustrated: Sonos One Speaker

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. 

The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773.

The list of four flaws, which impact Sonos One Speaker 70.3-35220, is below:

  • CVE-2023-27352 and CVE-2023-27355 (CVSS scores: 8.8) - Unauthenticated flaws that allow network-adjacent attackers to execute arbitrary code on affected installations.
  • CVE-2023-27353 and CVE-2023-27354 (CVSS score: 6.5) - Unauthenticated flaws that allow network-adjacent attackers to disclose sensitive information on affected installations.

While CVE-2023-27352 stems from the processing of SMB directory query commands, CVE-2023-27355 exists within the MPEG-TS parser.

VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
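The advisory text above describes the bug class but not the vulnerable code, so the following is an added illustration, not Sonos's parser and not derived from it. It is a minimal MPEG-TS packet-header parser in C that treats the adaptation_field_length byte as untrusted input: the byte can encode up to 255, but only 183 bytes follow it in a 188-byte packet, so a parser that copies `adaptation_field_length` bytes into a fixed-length stack or struct buffer without bounding it first is exactly the "lack of proper validation of the length of user-supplied data" the advisory names. The struct, function names, return codes and the constructed test packet are all assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TS_PACKET_SIZE 188
#define TS_SYNC_BYTE   0x47
/* Bytes that can follow the 4-byte header plus the 1-byte length field. */
#define TS_MAX_AF_LEN  183

/* Parsed view of one transport packet. The adaptation field lands in a
 * fixed-length buffer, which is why the length must be checked first. */
struct ts_packet {
    uint16_t pid;
    uint8_t  continuity;
    uint8_t  af_len;
    uint8_t  af[TS_MAX_AF_LEN];
};

/* Returns 0 on success; a negative code identifies why the packet was
 * rejected. Nothing is copied into out->af until the length is proven
 * to fit, so an oversized length byte cannot overrun the buffer. */
int ts_parse_packet(const uint8_t *buf, size_t len, struct ts_packet *out)
{
    if (buf == NULL || out == NULL || len != TS_PACKET_SIZE) return -1;
    if (buf[0] != TS_SYNC_BYTE) return -2;          /* not a TS packet   */
    if (buf[1] & 0x80) return -3;                   /* transport_error   */

    out->pid        = (uint16_t)(((buf[1] & 0x1F) << 8) | buf[2]);
    out->continuity = buf[3] & 0x0F;
    out->af_len     = 0;
    memset(out->af, 0, sizeof out->af);

    uint8_t afc = (buf[3] >> 4) & 0x03;             /* adaptation_field_control */
    if (afc == 0) return -4;                        /* reserved value    */

    if (afc & 0x02) {                               /* adaptation field present */
        uint8_t af_len = buf[4];                    /* attacker-controlled byte */
        /* afc == 3 means a payload also follows, so the field is at most 182;
         * afc == 2 (no payload) allows the full 183. Either way the byte can
         * claim more than the packet holds, and that is the case to reject. */
        size_t max_af = (afc == 0x03) ? TS_MAX_AF_LEN - 1 : TS_MAX_AF_LEN;
        if (af_len > max_af) return -5;             /* would overrun out->af */
        if (5 + (size_t)af_len > len) return -5;    /* belt-and-braces bound */
        memcpy(out->af, buf + 5, af_len);           /* safe: af_len <= 183 */
        out->af_len = af_len;
    }
    return 0;
}

/* Builds a constructed 188-byte packet (PID 0x100, afc = 3) whose
 * adaptation_field_length byte is set to the caller's value. Used only
 * to exercise the parser; not real stream data. */
void ts_build_test_packet(uint8_t *buf, uint8_t af_len_field)
{
    memset(buf, 0xFF, TS_PACKET_SIZE);
    buf[0] = TS_SYNC_BYTE;
    buf[1] = 0x41;            /* PUSI set, PID high bits = 0x01 */
    buf[2] = 0x00;            /* PID low byte -> PID 0x100      */
    buf[3] = 0x30;            /* afc = 3, continuity counter 0  */
    buf[4] = af_len_field;    /* the untrusted length byte      */
    for (size_t i = 5; i < TS_PACKET_SIZE; i++) buf[i] = (uint8_t)(i & 0xFF);
}

int main(void)
{
    uint8_t pkt[TS_PACKET_SIZE];
    struct ts_packet p;

    ts_build_test_packet(pkt, 10);
    printf("af_len=10  -> rc=%d af_len=%u\n", ts_parse_packet(pkt, sizeof pkt, &p), p.af_len);
    ts_build_test_packet(pkt, 200);
    printf("af_len=200 -> rc=%d (rejected before any copy)\n", ts_parse_packet(pkt, sizeof pkt, &p));
    return 0;
}
```

The defensive point is ordering: the bound check happens before `memcpy`, and the bound is derived from the packet layout rather than from the length byte itself. A parser that copies first and validates later, or that trusts `af_len` because "the spec says it is at most 183", has the defect the advisory describes.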

ADDITIONAL DETAILS

Sonos users with the S2 app installed should ensure their system is running software version 15.1 or later. Sonos users with the S1 app installed should be running version 11.7.1 or later. Users can check which software version they are running in the Sonos app > Settings > System > About My System.


Successful exploitation of either of the two code-execution flaws could permit an attacker to execute arbitrary code in the context of the root user.

Either of the information-disclosure flaws can be chained with other flaws in the system to achieve code execution with elevated privileges.

Following responsible disclosure on December 29, 2022, the flaws were addressed by Sonos in Sonos S2 and S1 software versions 15.1 and 11.7.1, respectively. Users are advised to apply the latest patches to mitigate potential risks.
