Multiple BMW Products Multiple Security Vulnerabilities
BID:104258
CVE-2018-9311 | CVE-2018-9312 | CVE-2018-9313 | CVE-2018-9314 | CVE-2018-9318 | CVE-2018-9320 | CVE-2018-9322 |Info
Multiple BMW Products Multiple Security Vulnerabilities
| Bugtraq ID: | 104258 |
| Class: | Design Error |
| CVE: |
CVE-2018-9322 CVE-2018-9320 CVE-2018-9312 CVE-2018-9313 CVE-2018-9314 CVE-2018-9311 CVE-2018-9318 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 22 2018 12:00AM |
| Updated: | May 22 2018 12:00AM |
| Credit: | Keen Security Lab and Tencent. |
| Vulnerable: |
BMW Infotainment System Telematics 0 BMW Control Unit 0 BMW Central Gateway Module 0 |
| Not Vulnerable: | |
Discussion
Multiple BMW Products Multiple Security Vulnerabilities
BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities:
1. A local code-execution vulnerability
2. A security-bypass vulnerability
3. A denial-of-service vulnerability
4. Multiple remote code-execution vulnerabilities
An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.
BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities:
1. A local code-execution vulnerability
2. A security-bypass vulnerability
3. A denial-of-service vulnerability
4. Multiple remote code-execution vulnerabilities
An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.
Exploit / POC
Multiple BMW Products Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple BMW Products Multiple Security Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Multiple BMW Products Multiple Security Vulnerabilities
References:
References: