Vulnerabilities > CVE-2023-28898 - Unspecified vulnerability in Skoda-Auto Superb 3 Firmware 2022

CVSS 5.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

high complexity

skoda-auto

NVD

Published: 2024-01-12

Updated: 2024-01-22

Summary

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system, when the certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.

Vulnerable Configurations

Part	Description	Count
OS	Skoda-Auto Skoda Auto Superb 3 Firmware 2022	1
Hardware	Skoda-Auto Skoda Auto Superb 3 -	1

References

https://nonexistent.com