cvelist | ASRG | CVELIST:CVE-2023-6073
History: Nov 10, 2023 - 7:32 a.m.

CVE-2023-6073 DoS and Control of Volume Settings for VW ID.3 ICAS3 IVI ECU

2023-11-10 07:32:16
CWE-284
CWE-20
ASRG
www.cve.org
cve-2023-6073
dos
control of volume
vw id.3
icas3
ivi ecu
volkswagen group
rest api

CVSS3: 5.7 Medium

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

An attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn the audio volume up to maximum via REST API calls.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "ICAS 3 IVI ECU"
    ],
    "product": "ID.3",
    "vendor": "Volkswagen",
    "versions": [
      {
        "lessThan": "3.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
