CVE-2024-6348 Vulnerability Details

  /     /     /  

CVE-2024-6348 Metadata Quick Info

CVE Published: 19/08/2024 | CVE Updated: 19/08/2024 | CVE Year: 2024
Source: ASRG | Vendor: Nissan | Product: Altima
Status : PUBLISHED

CVE-2024-6348 Description

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-330
CWE Name: CWE-330: Use of Insufficiently Random Values
Source: Nissan

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-112
CAPEC Description: CAPEC-112: Brute Force - An attacker can use brute force techniques to pre-calculate keys for the known seeds


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2024-6348 Vulnerability Details