Vulnerabilities > CVE-2019-14951 - Improper Restriction of Excessive Authentication Attempts vulnerability in Telenav Scout GPS Link

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

telenav

CWE-307

NVD

Published: 2019-08-12

Updated: 2020-08-24

Summary

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.

Vulnerable Configurations

Part	Description	Count
Application	Telenav Telenav Scout GPS Link 1.0.4 Telenav Scout GPS Link 1.0.5 Telenav Scout GPS Link 1.0.16 Telenav Scout GPS Link 1.0.29 Telenav Scout GPS Link 1.0.32 Telenav Scout GPS Link 1.0.38 Telenav Scout GPS Link 1.0.45 Telenav Scout GPS Link 1.0.47 Telenav Scout GPS Link 1.0.53 Telenav Scout GPS Link 1.0.59 Telenav Scout GPS Link 1.0.65 Telenav Scout GPS Link 1.0.75 Telenav Scout GPS Link 1.0.81 Telenav Scout GPS Link 1.0.83 Telenav Scout GPS Link 1.0.85 Telenav Scout GPS Link 1.0.87 Telenav Scout GPS Link 1.0.93 Telenav Scout GPS Link 1.0.95 Telenav Scout GPS Link 1.0.97 Telenav Scout GPS Link 1.0.99 Telenav Scout GPS Link 1.0.101 Telenav Scout GPS Link 1.0.103 Telenav Scout GPS Link 1.0.105 Telenav Scout GPS Link 1.0.107 Telenav Scout GPS Link 1.0.109	25

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://sites.google.com/site/iosappnss/more-vulnerable-apps-and-libraries