CVE-2018-18070

An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)

CVSS v3 5.9 MEDIUM
CVSS v2.0 7.1 HIGH

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://vuldb.com/?id.125080	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mercedes-benz:comand:17\/13.0_50.12:*:*:*:*:*:*:*

cpe:2.3:h:mercedes-benz:c-class:2018:-:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-09 09:29

Updated : 2024-02-28 16:48

NVD link : CVE-2018-18070

Mitre link : CVE-2018-18070

CVE.ORG link : CVE-2018-18070

JSON object : View

Products Affected

mercedes-benz

comand
c-class

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2018-18070", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2018-10-09T09:29:00.293", "references": [{"url": "https://vuldb.com/?id.125080", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.)"}, {"lang": "es", "value": "Se ha descubierto un problema en Daimler Mercedes-Benz COMAND 17/13.0 50.12 en veh\u00edculos Mercedes-Benz Clase C del 2018. Si se define o se recibe una ruta de navegaci\u00f3n concreta, el sistema podr\u00eda bloquearse y reiniciarse tras unas pocas transmisiones. Cuando el sistema arranca otra vez, intenta recalcular la ruta, lo que provocar\u00e1 un bucle de arranque. (En ciertas condiciones, es posible sobrescribir r\u00e1pidamente la ruta maliciosa para recuperar la estabilidad del sistema)."}], "lastModified": "2021-09-13T11:15:55.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mercedes-benz:comand:17\\/13.0_50.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "086F9789-5F27-4631-97BB-D224B7FC103A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mercedes-benz:c-class:2018:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "570D62DE-12B0-42DE-A92C-09EE5EF2D64B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}