CVE-2021-23909

Опубликовано: 13 мая 2021

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.

Ссылки

https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
Third Party Advisory
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
Exploit
Third Party Advisory
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Third Party Advisory
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
Third Party Advisory
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
Exploit
Third Party Advisory
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:mercedes-benz:hermes:2.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:mercedes-benz:a_220:-:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:a_220_4matic:-:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:e_350:-:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:e_350_4matic:-:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:eqc:-:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:gle_350:-:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:gle_350_4matic:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02648

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-xgjg-42m3-rrw5

github

больше 3 лет назад

An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.

EPSS

Процентиль: 85%

0.02648

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787