From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Name: (0Day) Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
2. Vulnerability ID: ZDI-24-1191, ZDI-CAN-23420
3. CVE ID: CVE-2024-8359
4. CVSS Score: 6.8, AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5. Affected Vendor: Visteon
6. Affected Product: Infotainment
7. Vulnerability Details:
   - A physically present attacker can execute arbitrary code on affected Visteon Infotainment systems.
   - A specific flaw exists in the REFLASH_DDU_FindFile function. A crafted software update file can trigger a system call composed of user-supplied strings. Attackers can exploit this vulnerability to execute code within the device context.
8. Additional Details:
   - April 24, 2024: ZDI reported the vulnerability to the vendor.
   - April 30, 2024: ZDI requested an update.
   - July 29, 2024: ZDI requested an update again.
   - August 16, 2024: ZDI notified the vendor of plans to publish the 0-day advisory on August 30, 2024.
9. Mitigation: Given the nature of the vulnerability, the only mitigation strategy is to restrict interaction with the application.
10. Disclosure Timeline:
    - April 24, 2024: Vulnerability reported to vendor.
    - August 30, 2024: Coordinated public vulnerability advisory released.
    - August 30, 2024: Advisory updated.
11. Credit: Dmitry "InfoSecDJ" Janushkevich of Trend Micro Zero Day Initiative