CVE-2024-6348

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.
References
Link Resource
https://asrg.io/security-advisories/ Not Applicable
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nissan-global:blind_spot_protection_sensor_ecu_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nissan-global:altima:2022:*:*:*:*:*:*:*

History

20 Aug 2024, 16:17

Type Values Removed Values Added
First Time Nissan-global
Nissan-global altima
Nissan-global blind Spot Protection Sensor Ecu Firmware
CPE cpe:2.3:h:nissan-global:altima:2022:*:*:*:*:*:*:*
cpe:2.3:o:nissan-global:blind_spot_protection_sensor_ecu_firmware:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://asrg.io/security-advisories/ - () https://asrg.io/security-advisories/ - Not Applicable
Summary
  • (es) La generación de semillas predecible en el mecanismo de acceso de seguridad de UDS en Blind Spot Protection Sensor ECU en Nissan Altima (2022) permite a los atacantes predecir las semillas solicitadas y eludir los controles de seguridad mediante reinicios repetidos de la ECU y solicitudes de semillas.

19 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-19 16:15

Updated : 2024-08-20 16:17


NVD link : CVE-2024-6348

Mitre link : CVE-2024-6348

CVE.ORG link : CVE-2024-6348


JSON object : View

Products Affected

nissan-global

  • altima
  • blind_spot_protection_sensor_ecu_firmware
CWE
CWE-330

Use of Insufficiently Random Values