CVE-2020-8539

Опубликовано: 01 дек. 2020

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.

Ссылки

https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3
Third Party Advisory
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf
Exploit
Third Party Advisory
https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3
Third Party Advisory
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:kia:head_unit_firmware:sop.003.30.18.0703:*:*:*:*:*:*:*

cpe:2.3:o:kia:head_unit_firmware:sop.005.7.181019:*:*:*:*:*:*:*

cpe:2.3:o:kia:head_unit_firmware:sop.007.1.191209:*:*:*:*:*:*:*

cpe:2.3:h:kia:head_unit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05758

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

GHSA-7g6h-m62g-mmqr

github

больше 3 лет назад