Lucene search

[email protected]NVD:CVE-2023-6073

HistoryNov 10, 2023 - 8:15 a.m.

CVE-2023-6073

2023-11-1008:15:08

CWE-20

CWE-284

[email protected]

web.nvd.nist.gov

volkswagen

icas 3 ivi ecu

denial of service

rest api

volume setting

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

Percentile

9.0%

JSON

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.

Affected configurations

Nvd

Node

volkswagenid.3_firmwareRange<3.2

AND

volkswagenid.3Match-

VendorProductVersionCPE
volkswagenid.3_firmware*cpe:2.3:o:volkswagen:id.3_firmware:*:*:*:*:*:*:*:*
volkswagenid.3-cpe:2.3:h:volkswagen:id.3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
volkswagen	id.3_firmware	*	cpe:2.3:o:volkswagen:id.3_firmware::::::::
volkswagen	id.3	-	cpe:2.3:h:volkswagen:id.3:-:::::::*

References

asrg.io/cve-2023-6073-dos-and-control-of-volume-settings-for-vw-id-3-icas3-ivi-ecu/

CVSS3

6.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-6073

prion1 cvelist1 cve1