CVE-2023-32156

2024-05-0302:15:20

CWE-367

[email protected]

web.nvd.nist.gov

tesla model 3

gateway firmware

signature validation

bypass

vulnerability

network-adjacent attackers

arbitrary code

error-handling

update process

gateway ecu

zdi-can-20734

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

28.8%

JSON

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability.

The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla’s Gateway ECU.
. Was ZDI-CAN-20734.