CVE-2020-8539 Information
Jun 07, 2022
cve
Description
Kia Motors Head Unit with Software version: SOP.003.30.18.0703 SOP.005.7.181019 and SOP.007.1.191209 may allow an attacker to inject unauthorized commands by executing the micomd executable deamon to trigger unintended functionalities. In addition this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: