Lucene search

[email protected]CVE-2023-28885

HistoryMar 27, 2023 - 4:15 a.m.

CVE-2023-28885

2023-03-2704:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-28885

general motors

chevrolet equinox

mylink

infotainment system

denial of service

mp3 file

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.

Affected configurations

NVD

Node

gmmylink_infotainment_systemMatch2021.3.26

AND

gmchevrolet_equinoxMatch2021-

CPENameOperatorVersion
gm:mylink_infotainment_systemgm mylink infotainment systemeq2021.3.26

CPE	Name	Operator	Version
gm:mylink_infotainment_system	gm mylink infotainment system	eq	2021.3.26

References

github.com/zj3t/Automotive-vulnerabilities/tree/main/GM/Chevrolet_Equinox2021

github.com/zj3t/GM_Vulnerability

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

Related for CVE-2023-28885

prion1 cvelist1 nvd1