Lucene search

MitreCVELIST:CVE-2021-23907

HistoryMay 13, 2021 - 6:56 p.m.

CVE-2021-23907

2021-05-1318:56:51

mitre

www.cve.org

cve-2021-23907

headunit ntg6

hiqnet protocol

remote code execution

CVSS3

2.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

9.9

Confidence

High

EPSS

0.058

Percentile

93.5%

JSON

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.

References

keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/

keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf

media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866

CVSS3

2.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

9.9

Confidence

High

EPSS

0.058

Percentile

93.5%

JSON

Related for CVELIST:CVE-2021-23907