CVE-2018-9312 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bmw	Head Unit Hu Nbt Firmware	-
Bmw	Head Unit Hu Nbt	-

Related Weaknesses (CWE)

CWE-693

References

http://www.securityfocus.com/bid/104258Third Party AdvisoryVDB Entry
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KExploitThird Party Advisory
https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/Third Party Advisory
http://www.securityfocus.com/bid/104258Third Party AdvisoryVDB Entry
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KExploitThird Party Advisory
https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/Third Party Advisory

FAQ

What is CVE-2018-9312?

CVE-2018-9312 is a vulnerability with a CVSS score of 7.8 (HIGH). The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB de...

How severe is CVE-2018-9312?

CVE-2018-9312 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-9312?

Check the references section above for vendor advisories and patch information. Affected products include: Bmw Head Unit Hu Nbt Firmware, Bmw Head Unit Hu Nbt.