Lucene search

MitreCVE-2018-18203

HistoryNov 28, 2018 - 11:29 p.m.

CVE-2018-18203

2018-11-2823:29:00

CWE-347

mitre

web.nvd.nist.gov

subaru starlink

harman

head units

vulnerability

firmware

usb

cve-2018-18203

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle’s USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user.

Affected configurations

Nvd

Node

subarustarlink_2017Match-

AND

subarustarlink_2017_firmwareMatch-

Node

subarustarlink_2018Match-

AND

subarustarlink_2018_firmwareMatch-

Node

subarustarlink_2019Match-

AND

subarustarlink_2019_firmwareMatch-

VendorProductVersionCPE
subarustarlink_2017-cpe:2.3:h:subaru:starlink_2017:-:*:*:*:*:*:*:*
subarustarlink_2017_firmware-cpe:2.3:o:subaru:starlink_2017_firmware:-:*:*:*:*:*:*:*
subarustarlink_2018-cpe:2.3:h:subaru:starlink_2018:-:*:*:*:*:*:*:*
subarustarlink_2018_firmware-cpe:2.3:o:subaru:starlink_2018_firmware:-:*:*:*:*:*:*:*
subarustarlink_2019-cpe:2.3:h:subaru:starlink_2019:-:*:*:*:*:*:*:*
subarustarlink_2019_firmware-cpe:2.3:o:subaru:starlink_2019_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
subaru	starlink_2017	-	cpe:2.3:h:subaru:starlink_2017:-:::::::*
subaru	starlink_2017_firmware	-	cpe:2.3:o:subaru:starlink_2017_firmware:-:::::::*
subaru	starlink_2018	-	cpe:2.3:h:subaru:starlink_2018:-:::::::*
subaru	starlink_2018_firmware	-	cpe:2.3:o:subaru:starlink_2018_firmware:-:::::::*
subaru	starlink_2019	-	cpe:2.3:h:subaru:starlink_2019:-:::::::*
subaru	starlink_2019_firmware	-	cpe:2.3:o:subaru:starlink_2019_firmware:-:::::::*

References

github.com/sgayou/subaru_starlink_research

Social References

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.4

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

Related for CVE-2018-18203