ID

VAR-201805-1013


CVE

CVE-2018-9318


TITLE

BMW Onboard Telematics Control Unit Vulnerability in protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2018-005489

DESCRIPTION

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network. BMW vehicles and others are automotive products of the German company BMW (Bayerische Motoren Werke AG). There is a security hole in the Telematics Control Unit on BMW vehicles (models produced in 2012-2018) that allows an attacker to conduct a remote attack.

BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities:

1. A local code-execution vulnerability
2. A security-bypass vulnerability
3. A denial-of-service vulnerability
4. Multiple remote code-execution vulnerabilities

An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.

BMW vehicles, etc. Remote attackers can exploit this vulnerability to attack the system.

Trust: 2.61

sources: NVD: CVE-2018-9318 // JVNDB: JVNDB-2018-005489 // CNVD: CNVD-2018-11277 // BID: 104258 // VULHUB: VHN-139350 // VULMON: CVE-2018-9318

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11277

AFFECTED PRODUCTS

vendor: bmw // model: telematics control unit // scope: eq // version: -

Trust: 1.6

vendor: bmw // model: telematics control unit // scope: - // version: -

Trust: 0.8

vendor: bayerische // model: motoren werke ag infotainment system telematics // scope: - // version: -

Trust: 0.6

vendor: bayerische // model: motoren werke ag control unit // scope: - // version: -

Trust: 0.6

vendor: bayerische // model: motoren werke ag central gateway module // scope: - // version: -

Trust: 0.6

vendor: bmw // model: infotainment system telematics // scope: eq // version: 0

Trust: 0.3

vendor: bmw // model: control unit // scope: eq // version: 0

Trust: 0.3

vendor: bmw // model: central gateway module // scope: eq // version: 0

Trust: 0.3

sources: CNVD: CNVD-2018-11277 // BID: 104258 // JVNDB: JVNDB-2018-005489 // CNNVD: CNNVD-201805-1159 // NVD: CVE-2018-9318

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-9318
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9318
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-11277
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-1159
value: CRITICAL

Trust: 0.6

VULHUB: VHN-139350
value: HIGH

Trust: 0.1

VULMON: CVE-2018-9318
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-9318
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-11277
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-139350
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-9318
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-11277 // VULHUB: VHN-139350 // VULMON: CVE-2018-9318 // JVNDB: JVNDB-2018-005489 // CNNVD: CNNVD-201805-1159 // NVD: CVE-2018-9318

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-139350 // JVNDB: JVNDB-2018-005489 // NVD: CVE-2018-9318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-1159

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201805-1159

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005489

PATCH

title: Top Page // url: https://www.bmw.com/en/index.html

Trust: 0.8

title: The Register // url: https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/

Trust: 0.1

sources: VULMON: CVE-2018-9318 // JVNDB: JVNDB-2018-005489

EXTERNAL IDS

db: NVD // id: CVE-2018-9318

Trust: 3.5

db: BID // id: 104258

Trust: 2.7

db: JVNDB // id: JVNDB-2018-005489

Trust: 0.8

db: CNNVD // id: CNNVD-201805-1159

Trust: 0.7

db: CNVD // id: CNVD-2018-11277

Trust: 0.6

db: VULHUB // id: VHN-139350

Trust: 0.1

db: VULMON // id: CVE-2018-9318

Trust: 0.1

sources: CNVD: CNVD-2018-11277 // VULHUB: VHN-139350 // VULMON: CVE-2018-9318 // BID: 104258 // JVNDB: JVNDB-2018-005489 // CNNVD: CNNVD-201805-1159 // NVD: CVE-2018-9318

REFERENCES

url:https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/

Trust: 2.7

url:http://www.securityfocus.com/bid/104258

Trust: 2.5

url:https://keenlab.tencent.com/en/experimental_security_assessment_of_bmw_cars_by_keenlab.pdf

Trust: 2.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9318

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-9318

Trust: 0.8

url:https://www.bmw.com/en/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/693.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-11277 // VULHUB: VHN-139350 // VULMON: CVE-2018-9318 // BID: 104258 // JVNDB: JVNDB-2018-005489 // CNNVD: CNNVD-201805-1159 // NVD: CVE-2018-9318

CREDITS

Keen Security Lab and Tencent.

Trust: 0.9

sources: BID: 104258 // CNNVD: CNNVD-201805-1159

SOURCES

db: CNVD // id: CNVD-2018-11277
db: VULHUB // id: VHN-139350
db: VULMON // id: CVE-2018-9318
db: BID // id: 104258
db: JVNDB // id: JVNDB-2018-005489
db: CNNVD // id: CNNVD-201805-1159
db: NVD // id: CVE-2018-9318

LAST UPDATE DATE

2024-11-23T22:06:49.543000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-11277 // date: 2018-06-12T00:00:00
db: VULHUB // id: VHN-139350 // date: 2018-06-29T00:00:00
db: VULMON // id: CVE-2018-9318 // date: 2018-06-29T00:00:00
db: BID // id: 104258 // date: 2018-05-22T00:00:00
db: JVNDB // id: JVNDB-2018-005489 // date: 2018-07-18T00:00:00
db: CNNVD // id: CNNVD-201805-1159 // date: 2020-07-24T00:00:00
db: NVD // id: CVE-2018-9318 // date: 2024-11-21T04:15:19.553

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-11277 // date: 2018-06-12T00:00:00
db: VULHUB // id: VHN-139350 // date: 2018-05-31T00:00:00
db: VULMON // id: CVE-2018-9318 // date: 2018-05-31T00:00:00
db: BID // id: 104258 // date: 2018-05-22T00:00:00
db: JVNDB // id: JVNDB-2018-005489 // date: 2018-07-18T00:00:00
db: CNNVD // id: CNNVD-201805-1159 // date: 2018-06-01T00:00:00
db: NVD // id: CVE-2018-9318 // date: 2018-05-31T12:29:00.487