CVE-2020-8539
Summary
| CVE | CVE-2020-8539 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-01 18:15:00 UTC |
| Updated | 2020-12-08 02:37:00 UTC |
| Description | Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle. |
Risk And Classification
Problem Types: CWE-276
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Kia | Head Unit | - | All | All | All |
| Hardware | Kia | Head Unit | - | All | All | All |
| Operating System | Kia | Head Unit Firmware | sop.003.30.18.0703 | All | All | All |
| Operating System | Kia | Head Unit Firmware | sop.005.7.181019 | All | All | All |
| Operating System | Kia | Head Unit Firmware | sop.007.1.191209 | All | All | All |
| Operating System | Kia | Head Unit Firmware | sop.003.30.18.0703 | All | All | All |
| Operating System | Kia | Head Unit Firmware | sop.005.7.181019 | All | All | All |
| Operating System | Kia | Head Unit Firmware | sop.007.1.191209 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf | MISC | sowhat.iit.cnr.it | Exploit, Third Party Advisory |
| KIA Head Unit vulnerability · GitHub | MISC | gist.github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.