Lucene search

[email protected]CVE-2020-16142

HistoryAug 27, 2020 - 4:15 p.m.

CVE-2020-16142

2020-08-2716:15:10

CWE-134

[email protected]

web.nvd.nist.gov

mercedes-benz

c class

amg

premium plus

c220

bluetec

bluetooth

vulnerability

cve-2020-16142

comand

infotainment

software

2.9 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

3.5 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.

Affected configurations

NVD

Node

mercedes-benzcomandMatch-

AND

mercedes-benzc220Match-

CPENameOperatorVersion
mercedes-benz:comandmercedes-benz comandeq-

CPE	Name	Operator	Version
mercedes-benz:comand	mercedes-benz comand	eq	-

References

medium.com/%40reliable_lait_mouse_975/mercedes-comand-infotainment-improper-format-strings-handling-4c67063d744e

2.9 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:N/I:N/A:P

3.5 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2020-16142

prion1 nvd1 cvelist1