-
-
Save gianpyc/4dc8b0d0c29774a10a97785711e325c3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Suggested description] | |
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, SOP.007.1.191209 may allow | |
an attacker to inject unauthorized commands, by executing the micomd | |
executable deamon, to trigger unintended functionalities. In addition, | |
this executable may be used by an attacker to inject commands to | |
generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of | |
the vehicle. | |
------------------------------------------ | |
[Additional Information] | |
Initial details are available in the following technical report: | |
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf | |
We already wrote a not yet public version of post-exploitation module for Metasploit. | |
We contacted KIA Motors Europe reporting the vulnerability, and they released software version SOP.008.4.200619 | |
to fix the issue. | |
------------------------------------------ | |
[Vulnerability Type] | |
Insecure Permissions | |
------------------------------------------ | |
[Vendor of Product] | |
Kia Motors Corporation (Automotive) | |
------------------------------------------ | |
[Affected Product Code Base] | |
Head Unit - SOP.003.30.18.0703 | |
Head Unit - SOP.005.7.181019 | |
Head Unit - SOP.007.1.191209 | |
------------------------------------------ | |
[Affected Component] | |
Executable | |
------------------------------------------ | |
[Attack Type] | |
Local | |
------------------------------------------ | |
[Impact Information Disclosure] | |
true | |
------------------------------------------ | |
[CVE Impact Other] | |
An attacker may access the M-CAN bus (Multimedia CAN bus) of the vehicle, or alter the head unit functionalities | |
------------------------------------------ | |
[Attack Vectors] | |
To exploit this vulnerability an attacker must send crafted command to the micomd executable. | |
------------------------------------------ | |
[Reference] | |
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf | |
http://webhost.services.iit.cnr.it/staff/gianpiero.costantino/ | |
http://webhost.services.iit.cnr.it/staff/ilaria.matteucci/ | |
------------------------------------------ | |
[Discoverer] | |
Gianpiero Costantino, Ilaria Matteucci |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment