CVERadar

CVE-2024-8358

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00279/1

CVE-2024-8358 is a newly published vulnerability where details are not yet available. With a SOCRadar Vulnerability Risk Score (SVRS) of 30, CVE-2024-8358 is currently categorized as a low-risk cybersecurity threat, however, it's tagged as "In The Wild", suggesting potential active exploitation. Organizations should monitor for updates and emerging information regarding this CVE. The absence of a CVSS score and detailed description necessitates proactive monitoring for further developments. Although the current SVRS indicates a low immediate threat, the "In The Wild" tag advises a cautious approach. Continuous monitoring of threat intelligence is crucial to assess any evolving risks associated with CVE-2024-8358.

TAGS

In The Wild

VECTOR STRING

PUBLICATION DATE2024-08-31

LAST MODIFIED2024-08-31

SOCRadar

AI Insight

Description

CVE-2024-8358 is a vulnerability with a CVSS score of 0 and an SVRS of 30, indicating a moderate risk. While a detailed description is not yet available, the vulnerability is actively exploited in the wild, making it crucial for organizations to take immediate action.

Key Insights

Exploit Status: Active exploits have been published, increasing the risk of exploitation.
CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
Threat Actors: Specific threat actors or APT groups actively exploiting this vulnerability have not been identified yet.
Impact: The vulnerability could allow attackers to gain unauthorized access to systems, steal sensitive data, or disrupt operations.

Mitigation Strategies

Apply Patches: Install security updates and patches as soon as they become available.
Enable Intrusion Detection Systems (IDS): Monitor network traffic for suspicious activity and block unauthorized access attempts.
Implement Multi-Factor Authentication (MFA): Add an extra layer of security to user accounts by requiring multiple forms of authentication.
Educate Users: Train employees on cybersecurity best practices, such as avoiding suspicious links and attachments.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System

Dmitry Janushkevich2025-02-01

Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System | Multiple vulnerabilities have been discovered in the Mazda Connect Connectivity Master Unit (CMU) system installed in multiple car models, such as the Mazda 3 model year 2014-2021. Like in so many cases, these vulnerabilities are caused by insufficient sanitization when handling attacker-supplied input. A physically present attacker could exploit these vulnerabilities by connecting a specially crafted USB device – such as an iPod or mass storage device – to the target system. Successful exploitation of some of these vulnerabilities results in arbitrary code execution with root

zerodayinitiative.com

rss

forum

news

CVE-2024-8358 | Visteon Infotainment UPDATES_ExtractFile command injection (ZDI-24-1190)

vuldb.com2024-12-11

CVE-2024-8358 | Visteon Infotainment UPDATES_ExtractFile command injection (ZDI-24-1190) | A vulnerability has been found in Visteon Infotainment and classified as critical. This vulnerability affects the function UPDATES_ExtractFile. The manipulation leads to command injection. This vulnerability was named CVE-2024-8358. It is possible to launch the attack on the physical device. There is no exploit available.

vuldb.com

rss

forum

news

Mazda Connect flaws allow to hack some Mazda vehicles

Pierluigi Paganini2024-11-10

Mazda Connect flaws allow to hack some Mazda vehicles | Multiple vulnerabilities in the infotainment unit Mazda Connect could allow attackers to execute arbitrary code with root access. Trend Micro’s Zero Day Initiative warned of multiple vulnerabilities in the Mazda Connect infotainment system that could allow attackers to execute code with root privileges. This occurs due to improper input sanitization in the Mazda Connect CMU, […] Multiple vulnerabilities in the infotainment unit Mazda Connect

securityaffairs.co

rss

forum

news

ZDI-24-1190: (0Day) Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability

2024-08-30

ZDI-24-1190: (0Day) Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability | This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8358.

cve-2024-8358

cves

code

exploit

Social Media

TheZDIBugs

@TheZDIBugs

2024-08-30

[ZDI-24-1190|CVE-2024-8358] (0Day) Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability (CVSS 6.8; Credit: Dmitry "InfoSecDJ" Janushkevich of Trend Micro Zero Day Initiative) https://t.co/hndpAUPjVz

Affected Software

No affected software found for this CVE

References

No references found for this CVE

CWE Details

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence