Описание
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:vw:polo_firmware:2019:*:*:*:*:*:*:*
cpe:2.3:h:vw:polo:-:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00024
Низкий
6.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-354
Связанные уязвимости
github
около 3 лет назад
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
EPSS
Процентиль: 5%
0.00024
Низкий
6.8 Medium
CVSS3
7.2 High
CVSS2
Дефекты
CWE-354