What is the severity of CVE-2023-23304?

CVE-2023-23304 is considered a high-severity vulnerability due to its potential for unauthorized access to sensitive sensor data.

How do I fix CVE-2023-23304?

To fix CVE-2023-23304, update the Garmin Connect IQ application to version 4.1.8 or later that addresses this vulnerability.

What does CVE-2023-23304 affect?

CVE-2023-23304 affects the Garmin Connect IQ API for versions 2.1.0 through 4.1.7, specifically the TVM component.

Can CVE-2023-23304 be exploited remotely?

Yes, CVE-2023-23304 can be exploited remotely by malicious applications without user consent.

What is the impact of CVE-2023-23304 on user privacy?

The impact of CVE-2023-23304 on user privacy could be significant, as it allows unauthorized applications to access personal sensor history.

Vulnerability/
CVE-2023-23304

critical

9.1

CWE

863

23/5/2023

31/1/2025

CVE-2023-23304

First published: Tue May 23 2023(Updated: )

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Garmin Connect IQ	>=2.1.0<=4.1.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-23304?
CVE-2023-23304 is considered a high-severity vulnerability due to its potential for unauthorized access to sensitive sensor data.
How do I fix CVE-2023-23304?
To fix CVE-2023-23304, update the Garmin Connect IQ application to version 4.1.8 or later that addresses this vulnerability.
What does CVE-2023-23304 affect?
CVE-2023-23304 affects the Garmin Connect IQ API for versions 2.1.0 through 4.1.7, specifically the TVM component.
Can CVE-2023-23304 be exploited remotely?
Yes, CVE-2023-23304 can be exploited remotely by malicious applications without user consent.
What is the impact of CVE-2023-23304 on user privacy?
The impact of CVE-2023-23304 on user privacy could be significant, as it allows unauthorized applications to access personal sensor history.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/description
agent/last-modified-date
agent/weakness
agent/severity
agent/source
agent/author
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/garmin
canonical/garmin connect iq
version/garmin connect iq/2.1.0
version/garmin connect iq/4.1.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.