CVE-2020-29440

2020-11-3021:23:12

mitre

www.cve.org

tesla model x

key fob

pairing

vulnerability

certificate validation

can bus

spoofed key

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob.

References

www.wired.com/story/tesla-model-x-hack-bluetooth/