Lucene search

[email protected]NVD:CVE-2023-33281

HistoryMay 22, 2023 - 2:15 a.m.

CVE-2023-33281

2023-05-2202:15:11

CWE-294

[email protected]

web.nvd.nist.gov

nissan

sylphy classic

remote keyfob

vulnerability

replay attack

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.3%

JSON

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor’s position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

Affected configurations

Nvd

Node

nissansylphy_classic_2021_firmwareMatch-

AND

nissansylphy_classic_2021Match-

VendorProductVersionCPE
nissansylphy_classic_2021_firmware-cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:*:*:*:*:*:*:*
nissansylphy_classic_2021-cpe:2.3:h:nissan:sylphy_classic_2021:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nissan	sylphy_classic_2021_firmware	-	cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:::::::*
nissan	sylphy_classic_2021	-	cpe:2.3:h:nissan:sylphy_classic_2021:-:::::::*

References

chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html

twitter.com/Kevin2600/status/1658059570806415365

www.youtube.com/watch?v=GG1utSdYG1k

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

20.3%

JSON

Related for NVD:CVE-2023-33281

vulnrichment1 prion1 cvelist1 cve1