Headline
CVE-2022-3093: ZDI-22-1188
This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.
September 8th, 2022
(Pwn2Own) Tesla ice_updater Time-Of-Check Time-Of-Use Code Execution Vulnerability****ZDI-22-1188
ZDI-CAN-17463
CVE ID
CVE-2022-3093
CVSS SCORE
7.6, (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
AFFECTED VENDORS
Tesla
AFFECTED PRODUCTS
Model 3
VULNERABILITY DETAILS
This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root.
ADDITIONAL DETAILS
Issue was fixed starting in Tesla’s 2022.16.0.3 release.
DISCLOSURE TIMELINE
- 2022-06-22 - Vulnerability reported to vendor
- 2022-09-08 - Coordinated public release of advisory
CREDIT
@Jedar_LZ
BACK TO ADVISORIES
Related news
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.