Kaspersky Advisory

(K-Mercedes-Benz-2022-001) Integer Overflow in UserData

Type

Integer Overflow

Vendor

Mercedes-Benz

Affected products

Mercedes Benz NTG 6

CVSS v3 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v3 Score

5.5 medium

CVE ID

CVE-2023-34406

Vulnerability description

An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.

Remediation

Apply updates per vendor instructions.

Acknowledgements

Vulnerability was discovered by Mikhail Evdokimov (Kaspersky).

References

https://github.com/klsecservices/Advisories/blob/master/K-Mercedes-Benz-2022-001.md Report EN: https://securelist.com/mercedes-benz-head-unit-security-research/115218/ RU: https://securelist.ru/mercedes-benz-head-unit-security-research/111516/ https://github.com/klsecservices/Publications/blob/master/Mercedes-Benz_Head_Unit_security_research_report.pdf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

K-Mercedes-Benz-2022-001.md

K-Mercedes-Benz-2022-001.md

Kaspersky Advisory

(K-Mercedes-Benz-2022-001) Integer Overflow in UserData

Type

Vendor

Affected products

CVSS v3 Vector

CVSS v3 Score

CVE ID

Vulnerability description

Remediation

Acknowledgements

References

Files

K-Mercedes-Benz-2022-001.md

Latest commit

History

K-Mercedes-Benz-2022-001.md

File metadata and controls

Kaspersky Advisory

(K-Mercedes-Benz-2022-001) Integer Overflow in UserData

Type

Vendor

Affected products

CVSS v3 Vector

CVSS v3 Score

CVE ID

Vulnerability description

Remediation

Acknowledgements

References