Lucene search

ASRGCVELIST:CVE-2024-6347

HistoryAug 15, 2024 - 2:37 p.m.

CVE-2024-6347 Unauthorized access to ECU functionality

2024-08-1514:37:38

CWE-306

CWE-285

ASRG

www.cve.org

cve-2024-6347

ecu

nissan altima

unauthorized access

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:L/SI:L/VA:L/SA:L/AU:Y/V:D/RE:H

EPSS

Percentile

13.3%

JSON

Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU’s programming session.
No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Blind Spot Protection Sensor"
    ],
    "packageName": "ECU",
    "product": "Altima",
    "vendor": "Nissan",
    "versions": [
      {
        "status": "unknown",
        "version": "Altima 2022"
      }
    ]
  }
]

References

asrg.io/security-advisories/CVE-2024-6347

CVSS4

5.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:L/SI:L/VA:L/SA:L/AU:Y/V:D/RE:H

EPSS

Percentile

13.3%

JSON

Related for CVELIST:CVE-2024-6347