CVE-2022-25809
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.
Una Neutralización Inapropiada de la salida de audio de los dispositivos Amazon Echo Dot de 3ª y 4ª generación permite una ejecución de comandos de voz arbitrarios en estos dispositivos por medio de una habilidad maliciosa (en el caso de atacantes remotos) o mediante el emparejamiento de un dispositivo Bluetooth malicioso (en el caso de atacantes físicamente próximos), también conocido como ataque "Alexa versus Alexa (AvA)"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-23 CVE Reserved
- 2022-02-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Amazon Search vendor "Amazon" | Echo Dot Firmware Search vendor "Amazon" for product "Echo Dot Firmware" | - | - |
Affected
| in | Amazon Search vendor "Amazon" | Echo Dot Search vendor "Amazon" for product "Echo Dot" | 3.0 Search vendor "Amazon" for product "Echo Dot" and version "3.0" | - |
Safe
|
| Amazon Search vendor "Amazon" | Echo Dot Firmware Search vendor "Amazon" for product "Echo Dot Firmware" | - | - |
Affected
| in | Amazon Search vendor "Amazon" | Echo Dot Search vendor "Amazon" for product "Echo Dot" | 4.0 Search vendor "Amazon" for product "Echo Dot" and version "4.0" | - |
Safe
|