1. Home
  2. CVE Database
  3. CVE-2023-33248
HIGH · 7.6

CVE-2023-33248

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 ...

Vulnerability Description

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AmazonAlexa8960323972
AmazonEcho Dot-

References

FAQ

What is CVE-2023-33248?

CVE-2023-33248 is a vulnerability with a CVSS score of 7.6 (HIGH). Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 ...

How severe is CVE-2023-33248?

CVE-2023-33248 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-33248?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Alexa, Amazon Echo Dot.