* Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.
History

Fri, 16 Aug 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Nissan-global
Nissan-global altima
Nissan-global blind Spot Detection Sensor Ecu Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:nissan-global:altima:2022:*:*:*:*:*:*:*
cpe:2.3:o:nissan-global:blind_spot_detection_sensor_ecu_firmware:-:*:*:*:*:*:*:*
Vendors & Products Nissan-global
Nissan-global altima
Nissan-global blind Spot Detection Sensor Ecu Firmware
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Thu, 15 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
Description * Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.
Title Unauthorized access to ECU functionality
Weaknesses CWE-285
CWE-306
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/V:D/RE:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2024-08-15T14:37:38.448Z

Updated: 2024-08-15T15:32:49.639Z

Reserved: 2024-06-26T10:31:24.420Z

Link: CVE-2024-6347

cve-icon Vulnrichment

Updated: 2024-08-15T15:32:41.757Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-15T15:15:22.093

Modified: 2024-08-16T14:33:42.730

Link: CVE-2024-6347

cve-icon Redhat

No data.