Lucene search

ASRGVULNRICHMENT:CVE-2024-6348

HistoryAug 19, 2024 - 3:12 p.m.

CVE-2024-6348 Predictable seed generation after ECU reset

2024-08-1915:12:25

CWE-330

ASRG

github.com

cve-2024-6348

ecu reset

blind spot protection sensor

nissan altima (2022)

security access mechanism

predictable seed generation

bypass security controls

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y/V:D/RE:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

37.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

CNA Affected

[
  {
    "vendor": "Nissan",
    "modules": [
      "Blind Spot Protection Sensor"
    ],
    "product": "Altima",
    "versions": [
      {
        "status": "unknown",
        "version": "Altima 2022"
      }
    ],
    "packageName": "ECU",
    "defaultStatus": "unaffected"
  }
]

References

asrg.io/security-advisories/

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y/V:D/RE:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

37.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-6348