CVE-2018-11567

Name: CVE-2018-11567
Creator: NVD / NIST
Published: 2018-05-30T22:29:00.243+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.09%

Last modified Jun 17, 2026

CVE-2018-11567 is a vulnerability of currently unknown severity. Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. EPSS estimates a 1.09% chance of exploitation in the next 30 days.

Description

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range. NOTE: The vendor states "Customer trust is important to us and we take security and privacy seriously. We have put mitigations in place for detecting this type of skill behavior and reject or suppress those skills when we do. Customers do not need to take any action for these mitigations to work.

Metrics

EPSS Probability

1.09%

61.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-384

Affected Software

Vendor	Product	Versions
Amazon	Echo Show Firmware	< 2018-04-27
Amazon	Echo Plus Firmware	< 2018-04-27
Amazon	Echo Dot Firmware	< 2018-04-27
Amazon	Echo Spot Firmware	< 2018-04-27
Amazon	Echo Firmware	< 2018-04-27

References

https://info.checkmarx.com/hubfs/Amazon_Echo_Research.pdfExploit, Third Party Advisory
https://www.checkmarx.com/2018/04/25/eavesdropping-with-amazon-alexa/Third Party Advisory
https://www.wired.com/story/amazon-echo-alexa-skill-spying/Press/Media Coverage, Third Party Advisory
https://www.yahoo.com/news/amazon-alexa-bug-let-hackers-104609600.htmlPress/Media Coverage, Third Party Advisory
https://info.checkmarx.com/hubfs/Amazon_Echo_Research.pdfExploit, Third Party Advisory
https://www.checkmarx.com/2018/04/25/eavesdropping-with-amazon-alexa/Third Party Advisory
https://www.wired.com/story/amazon-echo-alexa-skill-spying/Press/Media Coverage, Third Party Advisory
https://www.yahoo.com/news/amazon-alexa-bug-let-hackers-104609600.htmlPress/Media Coverage, Third Party Advisory

Timeline

Published: May 30, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-11567?

How severe is CVE-2018-11567?

Severity scoring for CVE-2018-11567 is pending analysis. The EPSS model estimates a 1.09% probability of exploitation in the next 30 days.

How do I fix CVE-2018-11567?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-11567?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST