CVE-2021-23907 - OpenCVE

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mercedes-benz	A 220 A 220 4matic E 350 E 350 4matic Eqc Gle 350 Gle 350 4matic Headunit Ntg6 Mercedes-benz User Experience

Configuration 1 [-]

AND

OR	cpe:2.3:h:mercedes-benz:a_220:-:::::::*
	cpe:2.3:h:mercedes-benz:a_220_4matic:-:::::::*
	cpe:2.3:h:mercedes-benz:e_350:-:::::::*
	cpe:2.3:h:mercedes-benz:e_350_4matic:-:::::::*
	cpe:2.3:h:mercedes-benz:eqc:-:::::::*
	cpe:2.3:h:mercedes-benz:gle_350:-:::::::*
	cpe:2.3:h:mercedes-benz:gle_350_4matic:-:::::::*

cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-13T18:56:51

Updated: 2024-08-03T19:14:09.387Z

Reserved: 2021-01-12T00:00:00

Link: CVE-2021-23907

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-13T19:15:07.797

Modified: 2022-02-24T19:27:20.827

Link: CVE-2021-23907

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:H/AV:P/A:N/C:L/I:L/PR:N/S:U/UI:R", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T18:56:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866"}, {"tags": ["x_refsource_MISC"], "url": "https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/"}, {"tags": ["x_refsource_MISC"], "url": "https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-23907", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:H/AV:P/A:N/C:L/I:L/PR:N/S:U/UI:R", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866", "refsource": "MISC", "url": "https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866"}, {"name": "https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/", "refsource": "MISC", "url": "https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/"}, {"name": "https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf", "refsource": "MISC", "url": "https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:14:09.387Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-23907", "datePublished": "2021-05-13T18:56:51", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-08-03T19:14:09.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:mercedes-benz:a_220:-:*:*:*:*:*:*:*", "matchCriteriaId": "00C6FB3F-99E8-4F72-8B40-93AB5244D3A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:mercedes-benz:a_220_4matic:-:*:*:*:*:*:*:*", "matchCriteriaId": "6AE91DA7-054C-43D0-9E4D-6385375A5739", "vulnerable": false}, {"criteria": "cpe:2.3:h:mercedes-benz:e_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7F9C8E2-57A0-4D2D-8211-33104006B92B", "vulnerable": false}, {"criteria": "cpe:2.3:h:mercedes-benz:e_350_4matic:-:*:*:*:*:*:*:*", "matchCriteriaId": "8EC39015-8D7D-4B64-9EBF-C51576DC97A9", "vulnerable": false}, {"criteria": "cpe:2.3:h:mercedes-benz:eqc:-:*:*:*:*:*:*:*", "matchCriteriaId": "435101DE-3319-4633-8FCC-03CC247F091D", "vulnerable": false}, {"criteria": "cpe:2.3:h:mercedes-benz:gle_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "12F309D8-C0F6-46A3-9B9E-B3C62EAF0230", "vulnerable": false}, {"criteria": "cpe:2.3:h:mercedes-benz:gle_350_4matic:-:*:*:*:*:*:*:*", "matchCriteriaId": "53E65192-1977-44E6-AF77-370CAB4AC3BB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021:*:*:*:*:*:*:*", "matchCriteriaId": "42670EBA-2A3A-4AFD-AFA9-8D16EB0DAAC0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la unidad principal NTG6 del sistema de infoentretenimiento MBUX en los veh\u00edculos Mercedes-Benz hasta 2021. El recuento en MultiSvGet, GetAttributes y MultiSvSet no se comprueba en el protocolo HiQnet, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo"}], "id": "CVE-2021-23907", "lastModified": "2022-02-24T19:27:20.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 2.5, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2021-05-13T19:15:07.797", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}