CVE-2022-37418

Medienbericht

Exploit

EPSS 1.96%
Veröffentlicht 24.08.2022 06:15:07
Zuletzt bearbeitet 21.11.2024 07:14:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nissan ≫ Nissan Firmware Version <= 2017

Nissan ≫ Nissan Version-

Kia ≫ Kia Firmware Version <= 2017

Kia ≫ Kia Version-

Hyundai ≫ Hyundai Firmware Version <= 2017

Hyundai ≫ Hyundai Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.96%	0.832

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	1.2	5.2	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://hackaday.com/2022/08/17/rollback-breaks-into-your-car/

Third Party Advisory

Exploit

https://medium.com/codex/rollback-a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-df5f99ba9490

Third Party Advisory

Exploit

https://www.blackhat.com/us-22/briefings/schedule/#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185

Third Party Advisory

Exploit

https://www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack

Third Party Advisory

Press/Media Coverage