Lucene search

MitreCVE-2023-28885

HistoryMar 27, 2023 - 4:15 a.m.

CVE-2023-28885

2023-03-2704:15:10

CWE-787

mitre

web.nvd.nist.gov

cve-2023-28885

general motors

chevrolet equinox

mylink

infotainment system

denial of service

mp3 file

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.

Affected configurations

Nvd

Node

gmmylink_infotainment_systemMatch2021.3.26

AND

gmchevrolet_equinoxMatch2021-

VendorProductVersionCPE
gmmylink_infotainment_system2021.3.26cpe:2.3:a:gm:mylink_infotainment_system:2021.3.26:*:*:*:*:*:*:*
gmchevrolet_equinox2021cpe:2.3:h:gm:chevrolet_equinox:2021:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
gm	mylink_infotainment_system	2021.3.26	cpe:2.3:a:gm:mylink_infotainment_system:2021.3.26:::::::*
gm	chevrolet_equinox	2021	cpe:2.3:h:gm:chevrolet_equinox:2021:-::::::

References

github.com/zj3t/Automotive-vulnerabilities/tree/main/GM/Chevrolet_Equinox2021

github.com/zj3t/GM_Vulnerability

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

29.7%

JSON

Related for CVE-2023-28885