ID CVE-2015-5611
Summary Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection," as demonstrated on a 2014 Jeep Cherokee Limited FWD.
References
Vulnerable Configurations
  • cpe:2.3:a:fca:uconnect:15.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:fca:uconnect:15.26.1:*:*:*:*:*:*:*
CVSS
Base: 8.3 (as of 24-12-2016 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:A/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 75993
confirm http://blog.fcanorthamerica.com/2015/07/22/unhacking-the-hacked-jeep/
misc
Last major update 24-12-2016 - 02:59
Published 21-07-2015 - 21:05
Last modified 24-12-2016 - 02:59
Back to Top