CVE-2022-27254

Exploit

EPSS 3.83%
Veröffentlicht 23.03.2022 22:15:13
Zuletzt bearbeitet 21.11.2024 06:55:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Honda ≫ Civic 2018 Firmware Version-

Honda ≫ Civic 2018 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.83%	0.878

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.9	5.5	2.9	AV:A/AC:M/Au:N/C:N/I:P/A:N

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty

Third Party Advisory

Exploit

https://drive.google.com/file/d/1MtmWfBs1r6Y3JN1HpbNsZqO1GcsdgPdc/view?usp=sharing

Third Party Advisory

Exploit

https://github.com/nonamecoder/CVE-2022-27254

Third Party Advisory

Exploit

https://news.ycombinator.com/item?id=30804702

Third Party Advisory

Exploit