9.8

CVE-2021-23908

Exploit

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.

Data is provided by the National Vulnerability Database (NVD)
Mercedes-benzHeadunit Ntg6 Mercedes-benz User Experience Version2021
   Mercedes-benzA 220 Version-
   Mercedes-benzA 220 4matic Version-
   Mercedes-benzE 350 Version-
   Mercedes-benzE 350 4matic Version-
   Mercedes-benzEqc Version-
   Mercedes-benzGle 350 Version-
   Mercedes-benzGle 350 4matic Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.5% 0.803
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
cve@mitre.org 2.9 0.4 2.5
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.