Lucene search

[email protected]CVE-2023-28898

HistoryJan 12, 2024 - 4:15 p.m.

CVE-2023-28898

2024-01-1216:15:51

CWE-233

[email protected]

web.nvd.nist.gov

cve-2023-28898

real-time streaming protocol

mib3 infotainment

dos

škoda superb iii

nvd

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met.

Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Affected configurations

NVD

Node

skoda-autosuperb_3Match-

AND

skoda-autosuperb_3_firmwareMatch2022

CPENameOperatorVersion
skoda-auto:superb_3_firmwareskoda-auto superb 3 firmwareeq2022

CPE	Name	Operator	Version
skoda-auto:superb_3_firmware	skoda-auto superb 3 firmware	eq	2022

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MIB3 Infotainment Unit",
    "vendor": "JOYNEXT",
    "versions": [
      {
        "lessThanOrEqual": "0304",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

nonexistent.com

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2023-28898

cvelist1 prion1 nvd1