Описание
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.7 High
CVSS3
Дефекты
Связанные уязвимости
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.
Уязвимость функции UserDataExchangeServiceClient::unpackVoiceTagArchiveOptimized() системы мультимедиа Mercedes-Benz User Experience (MBUX), позволяющая нарушителю повысить свои привилегии и записывать произвольные файлы
EPSS
7.7 High
CVSS3