CVE-2024-8356 – Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8356
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the firmware update process of the VIP microcontroller. ... An attacker can leverage this vulnerability to escalate privileges execute arbitrary code in the context of the VIP MCU. •
CVE-2024-8357 – Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-8357
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. •
CVE-2024-8358 – Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8358
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. •
CVE-2024-8359 – Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8359
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. •
CVE-2024-8360 – Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-8360
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. ... A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. •