CVE-2022-37305
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.6%
The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| honda:honda_firmware | honda honda firmware | le | 2018 |
References
hackaday.com/2022/08/17/rollback-breaks-into-your-car/
medium.com/codex/rollback-a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-df5f99ba9490
www.blackhat.com/us-22/briefings/schedule/#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185
www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack
www.youtube.com/playlist?list=PLYodcy84oQL1gxwiuRm13xRXxTQL9cO5t
Social References
More
Related
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.6%