CVE-2023-39076

Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://blog.dhjeong.kr/posts/vuln/202307/gm-chevrolet/
https://blog.jhyeon.dev/posts/vuln/202307/gm-chevrolet/	Broken Link
https://nvd.nist.gov/vuln/detail/CVE-2023-39076
https://blog.dhjeong.kr/posts/vuln/202307/gm-chevrolet/
https://blog.jhyeon.dev/posts/vuln/202307/gm-chevrolet/	Broken Link
https://nvd.nist.gov/vuln/detail/CVE-2023-39076

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:gm:mylink_infotainment_system:2021.3.26:*:*:*:*:*:*:*

cpe:2.3:h:gm:chevrolet_equinox:2021:*:*:*:*:*:*:*

History

21 Nov 2024, 08:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-08 13:15

Updated : 2024-11-21 08:14

NVD link : CVE-2023-39076

Mitre link : CVE-2023-39076

CVE.ORG link : CVE-2023-39076

JSON object : View

Products Affected

gm

mylink_infotainment_system
chevrolet_equinox

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-39076", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2023-09-08T13:15:07.827", "references": [{"url": "https://blog.dhjeong.kr/posts/vuln/202307/gm-chevrolet/", "source": "cve@mitre.org"}, {"url": "https://blog.jhyeon.dev/posts/vuln/202307/gm-chevrolet/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39076", "source": "cve@mitre.org"}, {"url": "https://blog.dhjeong.kr/posts/vuln/202307/gm-chevrolet/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.jhyeon.dev/posts/vuln/202307/gm-chevrolet/", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39076", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system."}, {"lang": "es", "value": "Inyectar datos aleatorios en el \u00e1rea de memoria USB en el Software de veh\u00edculos Chevrolet Equinox 2021 de General Motors (GM). 2021.03.26 (versi\u00f3n de compilaci\u00f3n) provoca una Denegaci\u00f3n de Servicio (DoS) en el sistema de infoentretenimiento del autom\u00f3vil."}], "lastModified": "2024-11-21T08:14:43.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gm:mylink_infotainment_system:2021.3.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D92838E-E17F-429C-8E61-2D5EC8ACBACB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gm:chevrolet_equinox:2021:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D14DEB54-FA5B-4DF0-BB34-35EC6CE2CB56"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}