Main Vulnerability Database Vulnerabilities #VU61039

Missing Authentication for Critical Function in J2497 - CVE-2022-25922

Published: March 7, 2022

Vulnerability identifier: #VU61039

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-25922

CWE-ID: CWE-306

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: SAE International

Affected software:
J2497

Detailed vulnerability description

The vulnerability allows an attacker with pysical access to compromise the target system.

The vulnerability exists due to trailer brake controllers implement diagnostic functions which can be invoked by replaying J2497 messages.

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.