CVE-2022-23126 — CRITICAL (9.8)

Q: How severe is CVE-2022-23126?

CVE-2022-23126 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-23126?

Check the references section above for vendor advisories and patch information. Affected products include: Teslamate Teslamate.

Vulnerability Description

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Teslamate	Teslamate	< 1.25.1

Related Weaknesses (CWE)

CWE-287

References

https://github.com/adriankumpf/teslamate/commit/fff6915e7364f83b3030f980d5743299PatchThird Party Advisory
https://github.com/adriankumpf/teslamate/compare/v1.25.0...v1.25.1PatchThird Party Advisory
https://github.com/adriankumpf/teslamate/releases/tag/v1.25.1Release NotesThird Party Advisory
https://medium.com/%40david_colombo/how-i-got-access-to-25-teslas-around-the-wor
https://twitter.com/teslascope/status/1481252837174624258Issue TrackingThird Party Advisory
https://github.com/adriankumpf/teslamate/commit/fff6915e7364f83b3030f980d5743299PatchThird Party Advisory
https://github.com/adriankumpf/teslamate/compare/v1.25.0...v1.25.1PatchThird Party Advisory
https://github.com/adriankumpf/teslamate/releases/tag/v1.25.1Release NotesThird Party Advisory
https://medium.com/%40david_colombo/how-i-got-access-to-25-teslas-around-the-wor
https://twitter.com/teslascope/status/1481252837174624258Issue TrackingThird Party Advisory

FAQ

What is CVE-2022-23126?

CVE-2022-23126 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occur...

How severe is CVE-2022-23126?

CVE-2022-23126 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-23126?

Check the references section above for vendor advisories and patch information. Affected products include: Teslamate Teslamate.