CVE-2018-9322

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.

Ссылки

http://www.securityfocus.com/bid/104258
Third Party Advisory
VDB Entry
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Exploit
Third Party Advisory
https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/
Third Party Advisory
http://www.securityfocus.com/bid/104258
Third Party Advisory
VDB Entry
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Exploit
Third Party Advisory
https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:bmw:head_unit_hu_nbt_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bmw:head_unit_hu_nbt:-:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00053

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-693

Связанные уязвимости

GHSA-5937-mjcm-vj8m