Multiple security flaws discovered in the Sonos One wireless speaker can be exploited to achieve information disclosure and remote code execution, the Zero Day Initiative (ZDI) said in a report released last week.
The vulnerabilities were demonstrated at the Pwn2Own hacking contest in Toronto late last year by three different teams: Qrious Secure, STAR Labs, and DEVCORE, which won a prize of $105,000.
The four flaws, which affect Sonos One Speaker 70.3-35220, are listed below:
- CVE-2023-27352 and CVE-2023-27355 (CVSS score: 8.8) – Unauthenticated flaws that allow network-adjacent attackers to execute arbitrary code on affected installations.
- CVE-2023-27353 and CVE-2023-27354 (CVSS score: 6.5) – Unauthenticated flaws that allow network-adjacent attackers to disclose sensitive information on affected installations.
CVE-2023-27352 occurs when processing SMB directory query commands, while CVE-2023-27355 resides within the MPEG-TS parser.
Successful exploitation of both shortcomings could allow an attacker to execute arbitrary code in the context of the root user.
Both information disclosure flaws can be individually combined with other flaws in the system to allow code execution with elevated privileges.
Following responsible disclosure on December 29, 2022, the flaws have been addressed by Sonos as part of Sonos S2 and S1 software versions 15.1 and 11.7.1, respectively. We recommend applying the latest patches to reduce potential risks.