Vulnerabilities > CVE-2019-19560 - Insecure Storage of Sensitive Information vulnerability in Harman Hermes 1.5

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

harman

CWE-922

NVD

Published: 2020-11-16

Updated: 2021-07-21

Summary

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.

Vulnerable Configurations

Part	Description	Count
Application	Harman Harman Hermes 1.5	1

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://media.daimler.com/marsMediaSite/en/instance/ko/Mercedes-Benz-and-360-Group-to-join-forces-Mercedes-Benz-and-360-Group-with-its-Cyber-Security-Brain-work-together-to-strengthen-car-IT-security-for-industry.xhtml?oid=45208829
https://skygo.360.cn/archive/Security-Research-Report-on-Mercedes-Benz-Cars-en.pdf