CVE-2023-45593

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45593
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

6.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593 Third Party Advisory
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*
History

10 Apr 2025, 20:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8
CWE CWE-184
NVD-CWE-noinfo

03 Mar 2025, 19:36

Type Values Removed Values Added
First Time Ailux
Ailux imx6
CPE cpe:2.3:a:ailux:imx6:*:*:*:*:*:*:*:*
References () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593 - () https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593 - Third Party Advisory
CWE CWE-184

17 Oct 2024, 10:15

Type Values Removed Values Added
Summary A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

30 Sep 2024, 10:15

Type Values Removed Values Added
Summary A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. A CWE-693 “Protection Mechanism Failure” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CWE CWE-184

05 Mar 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-05 12:15

Updated : 2025-04-10 20:24

NVD link : CVE-2023-45593

Mitre link : CVE-2023-45593

JSON object : View

Products Affected

ailux

  • imx6
CWE
CWE-184

Incomplete List of Disallowed Inputs

NVD-CWE-noinfo