Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Session Fixation
Information Disclosure
Echo Show Firmware
Echo Plus Firmware
Echo Dot Firmware
+2
NVD
CVSS 3.0
3.3
EPSS
1.1%