ASRGCVELIST:CVE-2023-28896CVE-2023-28896 Weak encoding for password in UDS services
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3Β (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.
Vulnerability discovered onΒ Ε koda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MIB3 Infotainment Unit",
"vendor": "JOYNEXT",
"versions": [
{
"lessThanOrEqual": "0304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%