CVE-2023-33281

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html	Exploit Third Party Advisory
https://twitter.com/Kevin2600/status/1658059570806415365	Exploit Third Party Advisory
https://www.youtube.com/watch?v=GG1utSdYG1k	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nissan:sylphy_classic_2021:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:14

Type	Values Removed	Values Added
Summary	DISPUTED The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.	The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

21 Jun 2023, 15:15

Type	Values Removed	Values Added
Summary	~~The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack.~~	DISPUTED The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

26 May 2023, 13:45

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
References	~~(MISC) https://twitter.com/Kevin2600/status/1658059570806415365 -~~	(MISC) https://twitter.com/Kevin2600/status/1658059570806415365 - Exploit, Third Party Advisory
References	~~(MISC) https://www.youtube.com/watch?v=GG1utSdYG1k -~~	(MISC) https://www.youtube.com/watch?v=GG1utSdYG1k - Exploit, Third Party Advisory
References	~~(MISC) https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html -~~	(MISC) https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html - Exploit, Third Party Advisory
CPE		cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:::::::* cpe:2.3:h:nissan:sylphy_classic_2021:-:::::::*
CWE		CWE-294
First Time		Nissan Nissan sylphy Classic 2021 Nissan sylphy Classic 2021 Firmware

Information

Published : 2023-05-22 02:15

Updated : 2024-08-02 16:15

NVD link : CVE-2023-33281

Mitre link : CVE-2023-33281

CVE.ORG link : CVE-2023-33281

JSON object : View

Products Affected

nissan

sylphy_classic_2021
sylphy_classic_2021_firmware

CWE

CWE-294

Authentication Bypass by Capture-replay

6.5 /10