The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
References
Link Providers
https://nonexistent.com cve-icon cve-icon
History

Thu, 14 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2024-01-12T16:04:57.218Z

Updated: 2024-11-14T15:48:25.166Z

Reserved: 2023-03-27T14:51:13.968Z

Link: CVE-2023-28898

cve-icon Vulnrichment

Updated: 2024-08-02T13:51:38.920Z

cve-icon NVD

Status : Modified

Published: 2024-01-12T16:15:51.747

Modified: 2024-11-21T07:56:14.333

Link: CVE-2023-28898

cve-icon Redhat

No data.