CVE-2023-33281

Опубликовано: 22 мая 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

Ссылки

https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html
Exploit
Third Party Advisory
https://twitter.com/Kevin2600/status/1658059570806415365
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=GG1utSdYG1k
Exploit
Third Party Advisory
https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html
Exploit
Third Party Advisory
https://twitter.com/Kevin2600/status/1658059570806415365
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=GG1utSdYG1k
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nissan:sylphy_classic_2021:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00031

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-294

Связанные уязвимости

GHSA-mf42-cj9f-vmhp