7.6
CVE-2022-3093
- EPSS 0.11%
- Veröffentlicht 29.03.2023 19:15:17
- Zuletzt bearbeitet 21.11.2024 07:18:48
- Quelle zdi-disclosures@trendmicro.com
- CVE-Watchlists
- Unerledigt
LoginThis vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tesla ≫ Model 3 Firmware Version < 2022.16.0.3
Tesla ≫ Model S Firmware Version < 2022.16.0.3
Tesla ≫ Model X Firmware Version < 2022.16.0.3
Tesla ≫ Model Y Firmware Version < 2022.16.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.302 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| zdi-disclosures@trendmicro.com | 7.6 | 0.9 | 6 |
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.