CVE-2020-8539

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:kia:head_unit_firmware:sop.003.30.18.0703:*:*:*:*:*:*:*
cpe:2.3:o:kia:head_unit_firmware:sop.005.7.181019:*:*:*:*:*:*:*
cpe:2.3:o:kia:head_unit_firmware:sop.007.1.191209:*:*:*:*:*:*:*
cpe:2.3:h:kia:head_unit:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-01 18:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-8539

Mitre link : CVE-2020-8539

CVE.ORG link : CVE-2020-8539


JSON object : View

Products Affected

kia

  • head_unit_firmware
  • head_unit
CWE
CWE-276

Incorrect Default Permissions