7.8

CVE-2020-8539

Exploit
Kia Motors Head Unit with software versions SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands by executing the micomd executable daemon, to trigger unintended functionalities. In addition, an attacker may use this executable to inject commands that generate CAN frames, which are sent onto the vehicle's M-CAN bus (Multimedia CAN bus).
Data provided by the National Vulnerability Database (NVD)
Kia Head Unit Firmware, version sop.003.30.18.0703
   Kia Head Unit, version -
Kia Head Unit Firmware, version sop.005.7.181019
   Kia Head Unit, version -
Kia Head Unit Firmware, version sop.007.1.191209
   Kia Head Unit, version -
No warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  2.26%  0.807
CVSS Metrics
Source        Base Score  Exploit Score  Impact Score  Vector String
nvd@nist.gov  7.8         1.8            5.9           CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov  4.6         3.9            6.4           AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3
Third Party Advisory
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf
Third Party Advisory
Exploit