Lucene search

ASRGCVELIST:CVE-2024-6348

HistoryAug 19, 2024 - 3:12 p.m.

CVE-2024-6348 Predictable seed generation after ECU reset

2024-08-1915:12:25

CWE-330

ASRG

www.cve.org

cve-2024-6348; predictable seed generation; security access mechanism; uds; blind spot protection sensor ecu; nissan altima; attackers; bypass security controls.

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y/V:D/RE:H

EPSS

0.001

Percentile

37.7%

JSON

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Blind Spot Protection Sensor"
    ],
    "packageName": "ECU",
    "product": "Altima",
    "vendor": "Nissan",
    "versions": [
      {
        "status": "unknown",
        "version": "Altima 2022"
      }
    ]
  }
]

References

asrg.io/security-advisories/

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y/V:D/RE:H

EPSS

0.001

Percentile

37.7%

JSON

Related for CVELIST:CVE-2024-6348