Vulnerability Description
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Fire Os | < 6.2.9.5 |
| Amazon | Fire Tv Stick 3Rd Gen | - |
| Bestbuy | Insignia Tv | - |
Related Weaknesses (CWE)
References
- https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-Third Party Advisory
- https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-Third Party Advisory
FAQ
What is CVE-2023-1383?
CVE-2023-1383 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. ...
How severe is CVE-2023-1383?
CVE-2023-1383 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1383?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Fire Os, Amazon Fire Tv Stick 3Rd Gen, Bestbuy Insignia Tv.