Lucene search

[email protected]NVD:CVE-2022-37418

HistoryAug 24, 2022 - 6:15 a.m.

CVE-2022-37418

2022-08-2406:15:07

CWE-294

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

0.004 Low

EPSS

Percentile

73.7%

JSON

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

Affected configurations

NVD

Node

nissannissan_firmwareRange≤2017

AND

nissannissanMatch-

Node

kiakia_firmwareRange≤2017

AND

kiakiaMatch-

Node

hyundaihyundai_firmwareRange≤2017

AND

hyundaihyundaiMatch-

References

hackaday.com/2022/08/17/rollback-breaks-into-your-car/

medium.com/codex/rollback-a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-df5f99ba9490

www.blackhat.com/us-22/briefings/schedule/#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185

www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack

www.youtube.com/playlist?list=PLYodcy84oQL1gxwiuRm13xRXxTQL9cO5t

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for NVD:CVE-2022-37418

prion1 cvelist1 cve1