Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistASRGCVELIST:CVE-2023-28896
HistoryDec 01, 2023 - 2:01 p.m.

CVE-2023-28896 Weak encoding for password in UDS services

2023-12-0114:01:05
CWE-261
ASRG
www.cve.org
3
password encoding
uds services
mib3 infotainment
can bus
Ε‘koda superb iii
2.0 tdi
2022
vulnerability

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0

Percentile

12.7%

JSON

Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3Β (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.

Vulnerability discovered onΒ Ε koda Superb III (3V3) - 2.0 TDI manufactured in 2022.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MIB3 Infotainment Unit",
    "vendor": "JOYNEXT",
    "versions": [
      {
        "lessThanOrEqual": "0304",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
prion
prion
Design/Logic Flaw
2023-12-01 14:15:00
nvd
nvd
CVE-2023-28896
2023-12-01 14:15:07
cve
cve
CVE-2023-28896
2023-12-01 14:15:07

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0

Percentile

12.7%

JSON
Related for CVELIST:CVE-2023-28896
prion1nvd1cve1