Vulnerability Description
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmw | Head Unit Hu Nbt Firmware | - |
| Bmw | Head Unit Hu Nbt | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104258Third Party AdvisoryVDB Entry
- https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KExploitThird Party Advisory
- https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/Third Party Advisory
- http://www.securityfocus.com/bid/104258Third Party AdvisoryVDB Entry
- https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KExploitThird Party Advisory
- https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/Third Party Advisory
FAQ
What is CVE-2018-9322?
CVE-2018-9322 is a vulnerability with a CVSS score of 7.8 (HIGH). The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the ...
How severe is CVE-2018-9322?
CVE-2018-9322 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-9322?
Check the references section above for vendor advisories and patch information. Affected products include: Bmw Head Unit Hu Nbt Firmware, Bmw Head Unit Hu Nbt.