CVE-2024-6030

EPSS 0.14%
Veröffentlicht 30.04.2025 20:00:36
Zuletzt bearbeitet 12.08.2025 15:16:26
Quelle zdi-disclosures@trendmicro.com
CVE-Watchlists
Login
Unerledigt
Login

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability.
 
The specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tesla ≫ Model S Firmware Version < 2024.8

Tesla ≫ Model S Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
zdi-disclosures@trendmicro.com	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://www.zerodayinitiative.com/advisories/ZDI-25-263/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-6030

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6030

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6030

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6030