Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-3093: ZDI-22-1188

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.

CVE
#vulnerability#auth

September 8th, 2022

(Pwn2Own) Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability****ZDI-22-1188
ZDI-CAN-17463

CVE ID

CVE-2022-3093

CVSS SCORE

7.6, (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

AFFECTED VENDORS

Tesla

AFFECTED PRODUCTS

Model 3

VULNERABILITY DETAILS

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root.

ADDITIONAL DETAILS

Issue was fixed starting in Tesla’s 2022.16.0.3 release.

DISCLOSURE TIMELINE

  • 2022-06-22 - Vulnerability reported to vendor
  • 2022-09-08 - Coordinated public release of advisory

CREDIT

@Jedar_LZ

BACK TO ADVISORIES

Related news

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907