Lucene search

MitreCVELIST:CVE-2022-37709

HistorySep 16, 2022 - 8:43 p.m.

CVE-2022-37709

2022-09-1620:43:42

mitre

www.cve.org

tesla model 3

v11.0

2022.4.5.1

6b701552d7a6

mobile app

v4.23

security vulnerability

authentication bypass

man-in-the-middle

ble channel

phone key

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3’s Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.

References

fmsh-seclab.github.io/

github.com/fmsh-seclab/TesMla

youtu.be/cPhYW5FzA9A