CVE-2019-14951 Information

Description

The Telenav Scout GPS Link app 1.x for iOS as used with Toyota and Lexus vehicles has an incorrect protection mechanism against brute-force attacks on the authentication process which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://sites.google.com/site/iosappnss/more-vulnerable-apps-and-libraries

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5