ID

VAR-201805-1015


CVE

CVE-2018-9322


TITLE

Vulnerabilities related to failure of protection mechanisms in the Head Unit HU_NBT component in multiple BMW series

Trust: 0.8

sources: JVNDB: JVNDB-2018-005491

DESCRIPTION

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.

The Head Unit HU_NBT (alias Infotainment) component in multiple BMW series contains a vulnerability related to failure of the protection mechanism. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

The Head Unit HU_NBT (Infotainment) component is an infotainment system component. There are security holes in the Head Unit HU_NBT component on several BMW cars (cars produced in 2012-2018).

BMW Infotainment System Telematics/Control Unit/Central Gateway Module are prone to the following multiple security vulnerabilities:

1. A local code-execution vulnerability
2. A security-bypass vulnerability
3. A denial-of-service vulnerability
4. Multiple remote code-execution vulnerabilities

An attacker can leverage these issues to execute arbitrary code with root privileges, bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.

Trust: 2.61

sources: NVD: CVE-2018-9322 // JVNDB: JVNDB-2018-005491 // CNVD: CNVD-2018-11310 // BID: 104258 // VULHUB: VHN-139354 // VULMON: CVE-2018-9322

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11310

AFFECTED PRODUCTS

vendor: bmw
model: head unit hu nbt
scope: eq
version: -

Trust: 1.6

vendor: bmw
model: head unit hu nbt
scope: -
version: -

Trust: 0.8

vendor: bayerische
model: motoren werke ag bmw i series
scope: gte
version: 2012,<=2018

Trust: 0.6

vendor: bayerische
model: motoren werke ag bmw series
scope: eq
version: x>=2012,<=2018

Trust: 0.6

vendor: bayerische
model: motoren werke ag bmw series
scope: eq
version: 3>=2012,<=2018

Trust: 0.6

vendor: bayerische
model: motoren werke ag bmw series
scope: eq
version: 5>=2012,<=2018

Trust: 0.6

vendor: bayerische
model: motoren werke ag bmw series
scope: eq
version: 7>=2012,<=2018

Trust: 0.6

vendor: bmw
model: infotainment system telematics
scope: eq
version: 0

Trust: 0.3

vendor: bmw
model: control unit
scope: eq
version: 0

Trust: 0.3

vendor: bmw
model: central gateway module
scope: eq
version: 0

Trust: 0.3

sources: CNVD: CNVD-2018-11310 // BID: 104258 // JVNDB: JVNDB-2018-005491 // CNNVD: CNNVD-201805-1153 // NVD: CVE-2018-9322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9322
value: HIGH

Trust: 1.0

NVD: CVE-2018-9322
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11310
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-1153
value: HIGH

Trust: 0.6

VULHUB: VHN-139354
value: HIGH

Trust: 0.1

VULMON: CVE-2018-9322
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9322
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-11310
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-139354
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9322
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-11310 // VULHUB: VHN-139354 // VULMON: CVE-2018-9322 // JVNDB: JVNDB-2018-005491 // CNNVD: CNNVD-201805-1153 // NVD: CVE-2018-9322

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-139354 // JVNDB: JVNDB-2018-005491 // NVD: CVE-2018-9322

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-1153

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-1153

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005491

PATCH

title: Top Page
url: https://www.bmw.com/en/index.html

Trust: 0.8

title: The Register
url: https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/

Trust: 0.2

title: usb-device-security
url: https://github.com/parallelbeings/usb-device-security

Trust: 0.1

sources: VULMON: CVE-2018-9322 // JVNDB: JVNDB-2018-005491

EXTERNAL IDS

db: NVD
id: CVE-2018-9322

Trust: 3.5

db: BID
id: 104258

Trust: 2.7

db: JVNDB
id: JVNDB-2018-005491

Trust: 0.8

db: CNNVD
id: CNNVD-201805-1153

Trust: 0.7

db: CNVD
id: CNVD-2018-11310

Trust: 0.6

db: VULHUB
id: VHN-139354

Trust: 0.1

db: VULMON
id: CVE-2018-9322

Trust: 0.1

Trust: 0.1

sources: CNVD: CNVD-2018-11310 // VULHUB: VHN-139354 // VULMON: CVE-2018-9322 // BID: 104258 // JVNDB: JVNDB-2018-005491 // CNNVD: CNNVD-201805-1153 // NVD: CVE-2018-9322

REFERENCES

url:https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/

Trust: 2.6

url:http://www.securityfocus.com/bid/104258

Trust: 2.5

url:https://keenlab.tencent.com/en/experimental_security_assessment_of_bmw_cars_by_keenlab.pdf

Trust: 2.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9322

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-9322

Trust: 0.8

url:https://www.bmw.com/en/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/693.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/parallelbeings/usb-device-security

Trust: 0.1

sources: CNVD: CNVD-2018-11310 // VULHUB: VHN-139354 // VULMON: CVE-2018-9322 // BID: 104258 // JVNDB: JVNDB-2018-005491 // CNNVD: CNNVD-201805-1153 // NVD: CVE-2018-9322

CREDITS

Keen Security Lab and Tencent.

Trust: 0.9

sources: BID: 104258 // CNNVD: CNNVD-201805-1153

SOURCES

db: CNVD, id: CNVD-2018-11310
db: VULHUB, id: VHN-139354
db: VULMON, id: CVE-2018-9322
db: BID, id: 104258
db: JVNDB, id: JVNDB-2018-005491
db: CNNVD, id: CNNVD-201805-1153
db: NVD, id: CVE-2018-9322

LAST UPDATE DATE

2024-11-23T22:06:49.620000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-11310, date: 2018-06-12T00:00:00
db: VULHUB, id: VHN-139354, date: 2018-06-29T00:00:00
db: VULMON, id: CVE-2018-9322, date: 2018-06-29T00:00:00
db: BID, id: 104258, date: 2018-05-22T00:00:00
db: JVNDB, id: JVNDB-2018-005491, date: 2018-07-18T00:00:00
db: CNNVD, id: CNNVD-201805-1153, date: 2018-06-01T00:00:00
db: NVD, id: CVE-2018-9322, date: 2024-11-21T04:15:19.880

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-11310, date: 2018-06-12T00:00:00
db: VULHUB, id: VHN-139354, date: 2018-05-31T00:00:00
db: VULMON, id: CVE-2018-9322, date: 2018-05-31T00:00:00
db: BID, id: 104258, date: 2018-05-22T00:00:00
db: JVNDB, id: JVNDB-2018-005491, date: 2018-07-18T00:00:00
db: CNNVD, id: CNNVD-201805-1153, date: 2018-06-01T00:00:00
db: NVD, id: CVE-2018-9322, date: 2018-05-31T12:29:00.580