History: Jan 12, 2024 - 4:15 p.m.

CVE-2023-28897

2024-01-12 16:15:51
CWE-798
ASRG
web.nvd.nist.gov
Tags: cve-2023-28897, mib3, infotainment, firmware, vulnerability, škoda superb iii, 3v3, 2.0 tdi, nvd, hardcoded, uds services

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3
Confidence: High

EPSS: 0.001
Percentile: 39.1%

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.

Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Affected configurations

NVD

Node
skoda-auto superb_3, Match: -
AND
skoda-auto superb_3_firmware, Match: 2022

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| skoda-auto | superb_3 | - | cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:* |
| skoda-auto | superb_3_firmware | 2022 | cpe:2.3:o:skoda-auto:superb_3_firmware:2022:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MIB3 Infotainment Unit",
    "vendor": "JOYNEXT",
    "versions": [
      {
        "lessThanOrEqual": "0304",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
