CVE-2024-6348

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://asrg.io/security-advisories/	Not Applicable

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nissan-global:blind_spot_protection_sensor_ecu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nissan-global:altima:2022:*:*:*:*:*:*:*

History

20 Aug 2024, 16:17

Type	Values Removed	Values Added
First Time		Nissan-global Nissan-global altima Nissan-global blind Spot Protection Sensor Ecu Firmware
CPE		cpe:2.3:h:nissan-global:altima:2022:::::::* cpe:2.3:o:nissan-global:blind_spot_protection_sensor_ecu_firmware:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://asrg.io/security-advisories/ -~~	() https://asrg.io/security-advisories/ - Not Applicable
Summary		(es) La generación de semillas predecible en el mecanismo de acceso de seguridad de UDS en Blind Spot Protection Sensor ECU en Nissan Altima (2022) permite a los atacantes predecir las semillas solicitadas y eludir los controles de seguridad mediante reinicios repetidos de la ECU y solicitudes de semillas.

19 Aug 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-19 16:15

Updated : 2024-08-20 16:17

NVD link : CVE-2024-6348

Mitre link : CVE-2024-6348

CVE.ORG link : CVE-2024-6348

JSON object : View

Products Affected

nissan-global

blind_spot_protection_sensor_ecu_firmware
altima

CWE

CWE-330

Use of Insufficiently Random Values

{"id": "CVE-2024-6348", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:H/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-19T16:15:08.973", "references": [{"url": "https://asrg.io/security-advisories/", "tags": ["Not Applicable"], "source": "cve@asrg.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}, {"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests."}, {"lang": "es", "value": "La generaci\u00f3n de semillas predecible en el mecanismo de acceso de seguridad de UDS en Blind Spot Protection Sensor ECU en Nissan Altima (2022) permite a los atacantes predecir las semillas solicitadas y eludir los controles de seguridad mediante reinicios repetidos de la ECU y solicitudes de semillas."}], "lastModified": "2024-08-20T16:17:03.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:nissan-global:blind_spot_protection_sensor_ecu_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBA6249A-E6EA-480A-ADA6-1B8936AA393A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:nissan-global:altima:2022:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9C31BBA0-733B-4F85-9687-85EEABDC2664"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@asrg.io"}