← back
CVE-2023-28897

Hard-coded password for UDS services

CVSS 4 MEDIUMEPSS 0.3%CWE-798
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
JOYNEXT · MIB3 Infotainment Unit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://asrg.io/security-advisories/cve-2023-28897