Lucene search

[email protected]CVE-2023-6073

HistoryNov 10, 2023 - 8:15 a.m.

CVE-2023-6073

2023-11-1008:15:08

CWE-20

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-6073

dos attack

icas 3

ivi ecu

volkswagen id.3

vw group

rest api

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.

Affected configurations

NVD

Node

volkswagenid.3_firmwareRange<3.2

AND

volkswagenid.3Match-

CPENameOperatorVersion
volkswagen:id.3_firmwarevolkswagen id.3 firmwarelt3.2

CPE	Name	Operator	Version
volkswagen:id.3_firmware	volkswagen id.3 firmware	lt	3.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "ICAS 3 IVI ECU"
    ],
    "product": "ID.3",
    "vendor": "Volkswagen",
    "versions": [
      {
        "lessThan": "3.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

asrg.io/cve-2023-6073-dos-and-control-of-volume-settings-for-vw-id-3-icas3-ivi-ecu/

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-6073

prion1 cvelist1 nvd1