CVE-2020-29439 - Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authenti

CVE-2020-29439

Summary

Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.)

References

https://www.wired.com/story/tesla-model-x-hack-bluetooth/

Vulnerable Configurations

cpe:2.3:o:tesla:model_x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tesla:model_x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tesla:model_x:-:*:*:*:*:*:*:*
cpe:2.3:h:tesla:model_x:-:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 04-12-2020 - 19:51)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

https://www.wired.com/story/tesla-model-x-hack-bluetooth/

Last major update

04-12-2020 - 19:51

Published

30-11-2020 - 22:15

Last modified

04-12-2020 - 19:51