Multiple vulnerabilities in Volkswagen MIB3



Risk: Medium
Patch available: YES
Number of vulnerabilities: 12
CVE-ID: CVE-2023-28902, CVE-2023-28903, CVE-2023-28904, CVE-2023-28905, CVE-2023-28906, CVE-2023-28907, CVE-2023-28908, CVE-2023-28909, CVE-2023-28910, CVE-2023-28911, CVE-2023-28912, CVE-2023-29113
CWE-ID: CWE-191, CWE-190, CWE-119, CWE-122, CWE-78, CWE-284, CWE-754, CWE-20, CWE-312
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: MIB3 (Other software / Other software solutions)
Vendor: Volkswagen

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU112034

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28902

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer underflow in the picture handler during EXIF data parsing. An attacker with physical access can attach a USB flash drive containing a specially crafted JPEG image, trigger the integer underflow and cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU112035

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28903

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the picture handler during EXIF data parsing. An attacker with physical access can attach a USB flash drive with a specially crafted JPEG image, trigger the integer overflow and cause a denial of service on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU112036

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28904

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to a logic flaw in the bootloader component. An attacker with physical access can trigger memory corruption to bypass firmware signature verification and execute arbitrary code in the infotainment system during the boot process.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU112038

Risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28905

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in picserver within the image processing binary. A remote attacker on the local network can send a specially crafted vCard, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) OS Command Injection

EUVDB-ID: #VU112040

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28906

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the "tsd.networking.mib3" service. A local user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper access control

EUVDB-ID: #VU112041

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28907

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in CARCOM memory. A local administrator can bypass implemented security restrictions, execute arbitrary code and read/write to the Infotainment CAN bus of the target vehicle.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU112042

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28908

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in non-fragmented data within the Bluetooth stack. A remote attacker on the local network can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU112044

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28909

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the Bluetooth stack when receiving fragmented HCI packets on a channel. A remote attacker on the local network can pass specially crafted data to the application, trigger integer overflow, bypass the MTU check and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
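
The bug class named above (a length sum that wraps and slips past an MTU check during fragment reassembly), shown beside a hardened check. This is an added illustration, not MIB3 or vendor code: the advisory does not disclose the affected code, and the struct, function names and MTU value are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CHANNEL_MTU 672u /* constructed value for the demo */

/* Hypothetical reassembly state: bytes already buffered for one channel. */
struct reasm { uint16_t have; };

/* Weak form: the sum is truncated to 16 bits before the comparison, so
 * have + frag_len can wrap to a small number and pass the MTU check. */
static bool weak_accepts(const struct reasm *r, uint16_t frag_len)
{
    uint16_t total = (uint16_t)(r->have + frag_len);
    return total <= CHANNEL_MTU;
}

/* Hardened form: compare the fragment against the remaining space and
 * never form the sum, so there is nothing that can wrap. */
static bool safe_accepts(const struct reasm *r, uint16_t frag_len)
{
    if (r->have > CHANNEL_MTU)
        return false; /* state already inconsistent: drop */
    return frag_len <= (uint16_t)(CHANNEL_MTU - r->have);
}

/* Account for a fragment only after the hardened check has passed. */
static bool safe_append(struct reasm *r, uint16_t frag_len)
{
    if (!safe_accepts(r, frag_len))
        return false;
    r->have = (uint16_t)(r->have + frag_len);
    return true;
}

int main(void)
{
    struct reasm r = { .have = 600 };
    uint16_t lens[] = { 72, 73, 65000 }; /* constructed fragment sizes */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("frag_len=%u weak=%d safe=%d\n", (unsigned)lens[i],
               weak_accepts(&r, lens[i]), safe_accepts(&r, lens[i]));
    printf("append 72 -> %d, have=%u\n", safe_append(&r, 72), (unsigned)r.have);
    return 0;
}
```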

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Check for Unusual or Exceptional Conditions

EUVDB-ID: #VU112046

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28910

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the disabled abortion flag within the Bluetooth stack. A remote attacker on the local network can bypass assertion functions and execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU112047

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28911

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Bluetooth stack. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Cleartext storage of sensitive information

EUVDB-ID: #VU112048

Risk: Medium

CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-28912

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the MIB3 unit stores the synchronized phone contact book in cleartext. A remote attacker on the local network can gain access to sensitive information.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper access control

EUVDB-ID: #VU112050

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29113

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the custom IPC mechanism. A local user can undermine access control restrictions implemented at the operating system level.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MIB3: All versions

External links

https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


