Lucene search

MitreCVE-2022-37709

HistorySep 16, 2022 - 10:15 p.m.

CVE-2022-37709

2022-09-1622:15:12

CWE-290

mitre

web.nvd.nist.gov

tesla

model 3

authentication bypass

man-in-the-middle

vulnerability

nvd

cve-2022-37709

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3’s Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.

Affected configurations

Nvd

Node

teslamodel_3_firmwareMatch11.0

AND

teslamodel_3Match-

Node

teslateslaMatch4.23android

VendorProductVersionCPE
teslamodel_3_firmware11.0cpe:2.3:o:tesla:model_3_firmware:11.0:*:*:*:*:*:*:*
teslamodel_3-cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*
teslatesla4.23cpe:2.3:a:tesla:tesla:4.23:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
tesla	model_3_firmware	11.0	cpe:2.3:o:tesla:model_3_firmware:11.0:::::::*
tesla	model_3	-	cpe:2.3:h:tesla:model_3:-:::::::*
tesla	tesla	4.23	cpe:2.3:a:tesla:tesla:4.23:::::android::

References

fmsh-seclab.github.io/

github.com/fmsh-seclab/TesMla

youtu.be/cPhYW5FzA9A

Social References

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

Related for CVE-2022-37709