{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28903", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2023-03-27T14:51:16.417Z", "datePublished": "2025-06-28T15:38:02.954Z", "dateUpdated": "2025-06-30T19:20:34.306Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Volkswagen MIB3 infotainment system MIB3 OI MQB", "vendor": "Preh Car Connect GmbH (JOYNEXT GmbH)", "versions": [{"lessThanOrEqual": "0304", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Artem Ivachev from PCA Cyber Security (PCAutomotive)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system."}], "value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system."}], "impacts": [{"capecId": "CAPEC-92", "descriptions": [{"lang": "en", "value": "CAPEC-92 Forced Integer Overflow"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2025-06-28T15:38:02.954Z"}, "references": [{"url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf"}, {"tags": ["technical-description"], "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2"}, {"tags": ["third-party-advisory"], "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"references": [{"url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-30T19:14:27.457646Z", "id": "CVE-2023-28903", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T19:20:34.306Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28903", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-30T19:14:27.457646Z"}}}], "references": [{"url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T19:19:22.557Z"}}], "cna": {"source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Artem Ivachev from PCA Cyber Security (PCAutomotive)"}], "impacts": [{"capecId": "CAPEC-92", "descriptions": [{"lang": "en", "value": "CAPEC-92 Forced Integer Overflow"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Preh Car Connect GmbH (JOYNEXT GmbH)", "product": "Volkswagen MIB3 infotainment system MIB3 OI MQB", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "0304"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf"}, {"url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2", "tags": ["technical-description"]}, {"url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.", "supportingMedia": [{"type": "text/html", "value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2025-06-28T15:38:02.954Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28903", "state": "PUBLISHED", "dateUpdated": "2025-06-30T19:20:34.306Z", "dateReserved": "2023-03-27T14:51:16.417Z", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "datePublished": "2025-06-28T15:38:02.954Z", "assignerShortName": "ASRG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system."}, {"lang": "es", "value": "Un desbordamiento de entero en el binario de procesamiento de im\u00e1genes de la unidad de infoentretenimiento MIB3 permite que un atacante con acceso local al veh\u00edculo provoque una denegaci\u00f3n de servicio del sistema de infoentretenimiento."}], "id": "CVE-2023-28903", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@asrg.io", "type": "Secondary"}]}, "published": "2025-06-28T16:15:22.087", "references": [{"source": "cve@asrg.io", "url": "https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/"}, {"source": "cve@asrg.io", "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf"}, {"source": "cve@asrg.io", "url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "cve@asrg.io", "type": "Secondary"}]}

{}

{}