← Back

CVE-2023-6317

nvd nist
Published: Apr 9, 2024Modified: Feb 7, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7. An attacker can create a privileged account without asking the user for the security PIN.  Full versions and TV models affected: webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA webOS 5.5.0 - 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB   webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA

Affected (4)

Products: Lg: Webos
Lg
1 product
Webos
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webos
Version 4.9.7
Running on/withPlatform Versions
Lg
Lg43um7000pla
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webos
Version 5.5.0
Running on/withPlatform Versions
Lg
Oled55cxpua
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webos
Version 6.3.3-442
Running on/withPlatform Versions
Lg
Oled48c1pub
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Webos
Version 7.3.1-43
Running on/withPlatform Versions
Lg
Oled55a23la
All versions

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (4)

Source: cve-requests@bitdefender.com
ExploitThird Party Advisory
Source: cve-requests@bitdefender.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.