CVERadar

CVE-2024-5256

Medium Severity

Sonos

SVRS

30/100

CVSSv3

4.3/10

EPSS

0.00082/1

CVE-2024-5256 is a vulnerability in Sonos Era 100 smart speakers, specifically related to SMB2 message handling. This Integer Underflow can lead to sensitive information disclosure by network-adjacent attackers without requiring authentication. Although the CVSS score is 4.3, indicating moderate severity, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower immediate risk compared to vulnerabilities with SVRS scores above 80. The flaw exists due to improper validation of user-supplied data, leading to a potential integer underflow. While the risk of direct code execution is low, attackers might chain this vulnerability with others to achieve root access. It's important to monitor and patch this vulnerability as part of a comprehensive security strategy for Sonos devices to mitigate potential risks. The vulnerability was originally identified as ZDI-CAN-22336.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-5256 | Sonos Sonos Era 100 SMB2 Message Hander integer underflow

vuldb.com2024-06-01

CVE-2024-5256 | Sonos Sonos Era 100 SMB2 Message Hander integer underflow | A vulnerability has been found in Sonos Sonos Era 100 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SMB2 Message Hander. The manipulation leads to integer underflow. This vulnerability is known as CVE-2024-5256. The attack can be launched remotely. There is no exploit

cve-2024-5256

domains

urls

vuldb.com

ZDI-24-542: (Pwn2Own) Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability

2024-05-31

ZDI-24-542: (Pwn2Own) Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5256.

cve-2024-5256

cves

information

exploit

Social Media

Vulmon Vulnerability Feed

@VulmonFeeds

2024-05-31

CVE-2024-5256 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulner... https://t.co/f72qdn1AaS

TheZDIBugs

@TheZDIBugs

2024-05-31

[ZDI-24-542|CVE-2024-5256] (Pwn2Own) Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability (CVSS 4.3; Credit: Interrupt Labs) https://t.co/JKU7xzUeEr

Affected Software

Configuration 1

Type	Vendor	Product
OS	Sonos	era_100_firmware

References

Reference	Link
[email protected]	https://www.zerodayinitiative.com/advisories/ZDI-24-542/

CWE Details

CWE ID	CWE Name	Description
CWE-191	Integer Underflow (Wrap or Wraparound)	The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence