CVE-2020-8539

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:kia:head_unit_firmware:sop.003.30.18.0703:*:*:*:*:*:*:*
cpe:2.3:o:kia:head_unit_firmware:sop.005.7.181019:*:*:*:*:*:*:*
cpe:2.3:o:kia:head_unit_firmware:sop.007.1.191209:*:*:*:*:*:*:*
cpe:2.3:h:kia:head_unit:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:38

Type Values Removed Values Added
References () https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3 - Third Party Advisory () https://gist.github.com/gianpyc/4dc8b0d0c29774a10a97785711e325c3 - Third Party Advisory
References () https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf - Exploit, Third Party Advisory () https://sowhat.iit.cnr.it/pdf/IIT-20-2020.pdf - Exploit, Third Party Advisory

Information

Published : 2020-12-01 18:15

Updated : 2024-11-21 05:38


NVD link : CVE-2020-8539

Mitre link : CVE-2020-8539

CVE.ORG link : CVE-2020-8539


JSON object : View

Products Affected

kia

  • head_unit_firmware
  • head_unit
CWE
CWE-276

Incorrect Default Permissions