Lucene search

[email protected]NVD:CVE-2022-37709

HistorySep 16, 2022 - 10:15 p.m.

CVE-2022-37709

2022-09-1622:15:12

CWE-290

[email protected]

web.nvd.nist.gov

tesla

authentication bypass

man-in-the-middle

ble

phone key

vulnerable

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

17.2%

JSON

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3’s Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.

Affected configurations

Nvd

Node

teslamodel_3_firmwareMatch11.0

AND

teslamodel_3Match-

Node

teslateslaMatch4.23android

VendorProductVersionCPE
teslamodel_3_firmware11.0cpe:2.3:o:tesla:model_3_firmware:11.0:*:*:*:*:*:*:*
teslamodel_3-cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*
teslatesla4.23cpe:2.3:a:tesla:tesla:4.23:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
tesla	model_3_firmware	11.0	cpe:2.3:o:tesla:model_3_firmware:11.0:::::::*
tesla	model_3	-	cpe:2.3:h:tesla:model_3:-:::::::*
tesla	tesla	4.23	cpe:2.3:a:tesla:tesla:4.23:::::android::

References

fmsh-seclab.github.io/

github.com/fmsh-seclab/TesMla

youtu.be/cPhYW5FzA9A

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

17.2%

JSON

Related for NVD:CVE-2022-37709

cve1 cvelist1 prion1