Lucene search

K
cveASRGCVE-2024-6348
HistoryAug 19, 2024 - 4:15 p.m.

CVE-2024-6348

2024-08-1916:15:08
CWE-330
ASRG
web.nvd.nist.gov
30
predictable seed generation
uds security access
blind spot protection
nissan altima
bypass security controls
ecu resets.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y/V:D/RE:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

37.7%

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

Affected configurations

Nvd
Node
nissan-globalblind_spot_protection_sensor_ecu_firmwareMatch-
AND
nissan-globalaltimaMatch2022
VendorProductVersionCPE
nissan-globalblind_spot_protection_sensor_ecu_firmware-cpe:2.3:o:nissan-global:blind_spot_protection_sensor_ecu_firmware:-:*:*:*:*:*:*:*
nissan-globalaltima2022cpe:2.3:h:nissan-global:altima:2022:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Blind Spot Protection Sensor"
    ],
    "packageName": "ECU",
    "product": "Altima",
    "vendor": "Nissan",
    "versions": [
      {
        "status": "unknown",
        "version": "Altima 2022"
      }
    ]
  }
]

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y/V:D/RE:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

37.7%

Related for CVE-2024-6348