Vulnerabilities > CVE-2023-6073 - Unspecified vulnerability in Volkswagen Id.3 Firmware

CVSS 6.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

HIGH

low complexity

volkswagen

NVD

Published: 2023-11-10

Updated: 2023-11-18

Summary

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.

Vulnerable Configurations

Part	Description	Count
OS	Volkswagen Volkswagen Id.3 Firmware *	1
Hardware	Volkswagen Volkswagen Id.3 -	1

References

https://asrg.io/cve-2023-6073-dos-and-control-of-volume-settings-for-vw-id-3-icas3-ivi-ecu/