Code execution in TOYOTA MOTOR Global TechStream (GTS)



Published: 2020-07-29 | Updated: 2020-07-29
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-5610
CWE-ID CWE-121
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Global TechStream (GTS)
Other software / Other software solutions

Vendor TOYOTA MOTOR CORPORATION

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU32898

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5610

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An attacker with physical access can trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Global TechStream (GTS): 15.10.032

External links

http://jvn.jp/en/jp/JVN40400577/index.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###