CVE-2023-28898

EPSS 0.03%
Veröffentlicht 12.01.2024 16:15:51
Zuletzt bearbeitet 21.11.2024 07:56:14
Quelle cve@asrg.io
CVE-Watchlists
Login
Unerledigt
Login

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.

Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Skoda-auto ≫ Superb 3 Firmware Version2022

Skoda-auto ≫ Superb 3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.091

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@asrg.io	5.3	1.6	3.6	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-233 Improper Handling of Parameters

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

https://nonexistent.com

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2023-28898

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-28898

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-28898

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-28898