Amazon Echo Dot Voice Cmd Injection via 16-22 kHz Audio
CVE-2023-33248 Published on May 24, 2023

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2023-33248

Want to know whenever a new CVE is published for Amazon Alexa? stack.watch will email you.

Amazon Alexa

Exploit Probability

EPSS

0.62%

Percentile

69.72%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Amazon Echo Dot Voice Cmd Injection via 16-22 kHz AudioCVE-2023-33248 Published on May 24, 2023

Vulnerability Analysis

Products Associated with CVE-2023-33248

Exploit Probability

Amazon Echo Dot Voice Cmd Injection via 16-22 kHz Audio
CVE-2023-33248 Published on May 24, 2023