CVE-2018-16806 — MEDIUM (6.5)

Vulnerability Description

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two challenge/response operations, to clone a key fob within a few seconds.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Pektron	Passive Keyless Entry And Start System Firmware	-
Pektron	Passive Keyless Entry And Start System	-

Related Weaknesses (CWE)

CWE-327

References

https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entExploitThird Party Advisory
https://www.esat.kuleuven.be/cosic/fast-furious-and-insecure-passive-keyless-entExploitThird Party Advisory

FAQ

What is CVE-2018-16806?

CVE-2018-16806 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via ...

How severe is CVE-2018-16806?

CVE-2018-16806 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16806?

Check the references section above for vendor advisories and patch information. Affected products include: Pektron Passive Keyless Entry And Start System Firmware, Pektron Passive Keyless Entry And Start System.