9.8

CVE-2022-23126

EPSS 1.03%
Veröffentlicht 24.01.2022 19:15:08
Zuletzt bearbeitet 28.05.2025 21:48:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teslamate ≫ Teslamate Version < 1.25.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.03%	0.766

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/adriankumpf/teslamate/commit/fff6915e7364f83b3030f980d5743299c4e5260d

Patch

Third Party Advisory

https://github.com/adriankumpf/teslamate/compare/v1.25.0...v1.25.1

Patch

Third Party Advisory

https://github.com/adriankumpf/teslamate/releases/tag/v1.25.1

Third Party Advisory

Release Notes

https://medium.com/%40david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028

https://twitter.com/teslascope/status/1481252837174624258

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2022-23126

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23126

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23126

EUVD