7.8
CVE-2023-26244
- EPSS 0.02%
- Published 27.04.2023 01:15:08
- Last modified 31.01.2025 19:15:12
- Source cve@mitre.org
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.
Data provided by the National Vulnerability Database (NVD)
Hyundai ≫ Gen5w L In-vehicle Infotainment System Firmware, Version 5w.xxx.s5w_l.001.001.221129
Hyundai ≫ Gen5w L In-vehicle Infotainment System Firmware, Version ae_e_pe_eur.s5w_l001.001.211214
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.047 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.