{"vulnerability": "cve-2023-3440", "sightings": [{"uuid": "5651cd74-d883-42b6-bf84-766781e71de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:06.709240Z"}, {"uuid": "5128fcaa-6862-4471-a409-bde0eb1e224d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:06.815045Z"}, {"uuid": "2d2e5066-c51c-4818-96db-dbdc21e2e762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:06.962567Z"}, {"uuid": "68abfedf-d333-49d2-81a1-227c5c4529e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34400", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:07.081862Z"}, {"uuid": "f90099ab-9226-4fd1-bfe9-4fab96761885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:07.125527Z"}, {"uuid": "58da52b6-18f7-4d61-8dbb-17d5eaae1d60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34403", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:07.166554Z"}, {"uuid": "10e25347-effe-4135-8cc7-b3dec918721f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4407", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34401\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34401\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:17:03.000000Z"}, {"uuid": "afcb0033-ae27-403e-b722-03e74e51b22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloapb7s2d", "content": "", "creation_timestamp": "2025-02-18T15:36:47.397233Z"}, {"uuid": "c9955a02-92c2-4b21-a82a-2f67c79de34d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloc6vn22d", "content": "", "creation_timestamp": "2025-02-18T15:36:48.111662Z"}, {"uuid": "fb67db29-726c-4851-bc4e-71b1c937fbc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloc6vn32d", "content": "", "creation_timestamp": "2025-02-18T15:36:48.810758Z"}, {"uuid": "a62095ba-2fc1-4703-85bd-51fe9d97ac36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34400", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113998850225494556", "content": "", "creation_timestamp": "2025-02-13T22:06:49.498919Z"}, {"uuid": "98662c4b-807a-49ee-bba9-99476a28b05e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34400", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3pn2fxuj2z", "content": "", "creation_timestamp": "2025-02-13T22:15:42.158649Z"}, {"uuid": "b1734e19-3aa2-49b0-b646-c5c3cd6d045b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3sxwqrai2a", "content": "", "creation_timestamp": "2025-02-13T23:15:28.701695Z"}, {"uuid": "27f83504-c1a8-4ed2-9096-803f6f017973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3sxyyp7b2s", "content": "", "creation_timestamp": "2025-02-13T23:15:30.945215Z"}, {"uuid": "05fa88a1-3bf2-4e06-b028-28d7e3f98a8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34403", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3sy3plxe2i", "content": "", "creation_timestamp": "2025-02-13T23:15:33.731807Z"}, {"uuid": "f0144b10-1169-4b10-b118-35b3eb5bc21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3sy6dx3f2c", "content": "", "creation_timestamp": "2025-02-13T23:15:36.504041Z"}, {"uuid": "85f294d4-c8e2-4910-99a9-7b21b15c1fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3syarlhf2c", "content": "", "creation_timestamp": "2025-02-13T23:15:39.214185Z"}, {"uuid": "8c21f1cd-9baf-4b61-8859-4bd7d17a6364", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgcwq4t2p", "content": "", "creation_timestamp": "2025-02-14T00:35:06.335126Z"}, {"uuid": "059afb82-bddf-43a7-aab0-21acc134b810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgddvx32v", "content": "", "creation_timestamp": "2025-02-14T00:35:08.501550Z"}, {"uuid": "b6b91ac1-5a16-4196-a938-be9104a310c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgdkgiv23", "content": "", "creation_timestamp": "2025-02-14T00:35:09.594900Z"}, {"uuid": "51f0350a-44da-4672-837c-eb0ad2d4b34f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgdr3vd2e", "content": "", "creation_timestamp": "2025-02-14T00:35:10.738419Z"}, {"uuid": "e6014054-8b23-4275-b856-0a5583c08112", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xge6ep32e", "content": "", "creation_timestamp": "2025-02-14T00:35:13.029470Z"}, {"uuid": "914bce2c-b13a-4024-9827-b980f401834f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34408", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/829", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34408\n\ud83d\udd39 Description: DokuWiki before 2023-04-04a allows XSS via RSS titles.\n\ud83d\udccf Published: 2023-06-05T00:00:00\n\ud83d\udccf Modified: 2025-01-08T19:37:53.561Z\n\ud83d\udd17 References:\n1. https://github.com/dokuwiki/dokuwiki/pull/3967\n2. https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de\n3. https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/\n4. https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a", "creation_timestamp": "2025-01-08T20:15:13.000000Z"}, {"uuid": "7403cffa-ae84-4d84-a68b-7b877f28fb98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/735", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34407\n\ud83d\udd39 Description: OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\\ in a URL.\n\ud83d\udccf Published: 2023-06-05T00:00:00\n\ud83d\udccf Modified: 2025-01-08T17:01:15.717Z\n\ud83d\udd17 References:\n1. https://cybir.com/2023/cve/proof-of-concept-checkpoint-learning-harbinger-systems-offline-player-multiple-poc-for-cl-4-0-6-0-2-lfi-excessive-rights/", "creation_timestamp": "2025-01-08T17:13:25.000000Z"}, {"uuid": "dfde5ad3-c457-49b4-be87-ad1af3094a45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34409", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/712", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34409\n\ud83d\udd39 Description: In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure.\n\ud83d\udccf Published: 2023-06-06T00:00:00\n\ud83d\udccf Modified: 2025-01-08T16:01:28.778Z\n\ud83d\udd17 References:\n1. https://www.percona.com/blog/pmm-authentication-bypass-vulnerability-fixed-in-2-37-1/", "creation_timestamp": "2025-01-08T16:15:05.000000Z"}, {"uuid": "e0982b3c-dfe9-4021-bf2d-9503bbd0d6ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4396", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34402\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34402\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:16:11.000000Z"}, {"uuid": "d2867925-80e6-4513-915f-c45331de2938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4385", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34401\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:08.867\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-02-14T01:11:36.000000Z"}, {"uuid": "18b9fc95-5c74-4a71-bd46-0b049c82d091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4382", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34404\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:09.553\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-02-14T01:11:29.000000Z"}, {"uuid": "c4b8a694-39ed-43e0-ba84-eb1addf05280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4381", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34406\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:09.633\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-02-14T01:11:16.000000Z"}, {"uuid": "20ac66d7-ab4c-4c11-b166-f914c780a2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4393", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34404\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34404\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:15:23.000000Z"}, {"uuid": "1d50350b-43ab-47dc-913c-2079f481d462", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34400", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4413", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34400\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34400\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:17:46.000000Z"}, {"uuid": "4e1f1214-c8a5-42cf-b75b-96990e6b97fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4412", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34406\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34406\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:17:42.000000Z"}, {"uuid": "5bb78fcd-ba8c-4700-b9e5-4a0e55dba2e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34403", "type": "seen", "source": "Telegram/jtkNwjbKfYgg4Hqhi5oubFnzla5B_dy9YtbHUfh9d5isj9np", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "fa8a1ee3-b635-4d5f-bba3-7d251f397153", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4384", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34402\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:09.337\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-02-14T01:11:33.000000Z"}, {"uuid": "1c06efb5-08c0-4356-a189-832d3e738b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34403", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4383", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34403\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:09.440\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-02-14T01:11:31.000000Z"}, {"uuid": "f3ae16c6-acf6-415a-9eec-53d8d74e20ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7605", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34402\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.\n\ud83d\udccf Published: 2025-02-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-14T17:24:26.958Z\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-03-14T17:48:48.000000Z"}, {"uuid": "edd75520-ce74-47e5-b9b3-8fa89068a16f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "seen", "source": "https://t.me/cvedetector/18063", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34401 - Mercedes-Benz NTG6 Heap-Based Out-of-Bounds Read\", \n  \"Content\": \"CVE ID : CVE-2023-34401 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:27.000000Z"}, {"uuid": "9ee5dcbc-89d7-42f7-8ed0-954680561a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://t.me/cvedetector/18060", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34404 - Mercedes-Benz NTG6 Command Injection in Ethernet Interface\", \n  \"Content\": \"CVE ID : CVE-2023-34404 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:25.000000Z"}, {"uuid": "9eae3f2e-f7c9-442b-b5cb-a5e509a6708a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "https://t.me/cvedetector/18061", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34406 - Mercedes Benz NTG 6 Integer Overflow Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-34406 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:26.000000Z"}, {"uuid": "c119fae1-6064-4ead-81b7-76e43c320a1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34403", "type": "seen", "source": "https://t.me/cvedetector/18059", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34403 - Mercedes-Benz NTG6 In-Vehicle Network Data Exfiltration and Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-34403 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof \u201cUserData\u201d with desirable file path and access it though backup on USB. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:21.000000Z"}, {"uuid": "1d0eb15a-f454-432d-843f-fef28fe0c829", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "seen", "source": "https://t.me/cvedetector/18058", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34402 - Mercedes-Benz NTG6 Arbitrary File Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2023-34402 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:20.000000Z"}, {"uuid": "1aa041a7-6cc8-4d03-9f41-67e81ae6edbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34402", "type": "seen", "source": "Telegram/lTEh28Umh_YYj17aM4Cer3CaQV0994f4xB2Q42JZGZ1z4HtV", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "d3c28dda-38c8-46f4-8cf4-fe081c5f438f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34401", "type": "seen", "source": "Telegram/q01xCEzWcbJZ5Yl1mR_PwCDwBEYHDpol0iayS8AhMkKIRCxW", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "a560ffef-53ab-4036-ac9d-52204a64afad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34400", "type": "seen", "source": "Telegram/_ce7buYouZ4GuKN7luACkpISmgh5BP07Gx7tv-uIDbaFaCdd", "content": "", "creation_timestamp": "2025-02-14T10:09:23.000000Z"}, {"uuid": "3156b8d7-f7a1-41fc-b98b-5a14a9c0dae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "Telegram/iyDR3DCsnk1Y7anUnYz8c5X0kWjVWzKZPtfoaWDPuAxvhxfd", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "ba8e61e5-81fb-46a9-b1bd-3f6301ffae3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "Telegram/opwyOXbsDByYjS5mLV1ENDJYyh7aq-rIwRzZRs0v4yzCauh-", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "a6558b37-2032-43e5-93c9-d28d7d3821ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://t.me/true_secator/6638", "content": "\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c 13 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e-\u0440\u0430\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Mercedes-Benz User Experience (MBUX) \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 MBUX \u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u043e\u0442\u0447\u0435\u0442 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 KeenLab \u043e\u0442 2021 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432 \u041b\u041a \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c MBUX, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0431\u044b\u043b\u043e \u0443\u0434\u0435\u043b\u0435\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0438\u0445 \u043a\u043e\u043b\u043b\u0435\u0433\u0430\u043c\u0438: \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0430 (CAN, UDS \u0438 \u0442.\u0434.), \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c USB \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f (IPC).\n\n\u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0435\u0441\u0442\u043e\u0432\u0443\u044e \u043c\u043e\u0434\u0435\u043b\u044c \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435 (\u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0440\u0430\u0437\u0446\u0430 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 Mercedes B180), \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0438\u043c\u0435\u043b\u0441\u044f \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f DoS-\u0430\u0442\u0430\u043a, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044e, \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043a\u0440\u0430\u0436\u0438 \u0432 \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f \u0438 \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u0443\u0441\u043b\u0443\u0433\u0438.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 USB, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0443\u044e \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e. \n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c: CVE-2024-37601 - CVE-2024-37603, CVE-2023-34397 - CVE-2023-34404, CVE-2023-34406.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u043e \u043a\u0430\u0436\u0434\u043e\u0439 CVE - \u0437\u0434\u0435\u0441\u044c, \u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-01-20T18:30:05.000000Z"}, {"uuid": "3f5c607e-4e92-4d3b-a25a-993a91429af8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34406", "type": "seen", "source": "https://t.me/true_secator/6638", "content": "\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c 13 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e-\u0440\u0430\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Mercedes-Benz User Experience (MBUX) \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 MBUX \u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u043e\u0442\u0447\u0435\u0442 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 KeenLab \u043e\u0442 2021 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432 \u041b\u041a \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c MBUX, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0431\u044b\u043b\u043e \u0443\u0434\u0435\u043b\u0435\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0438\u0445 \u043a\u043e\u043b\u043b\u0435\u0433\u0430\u043c\u0438: \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0430 (CAN, UDS \u0438 \u0442.\u0434.), \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c USB \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f (IPC).\n\n\u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0435\u0441\u0442\u043e\u0432\u0443\u044e \u043c\u043e\u0434\u0435\u043b\u044c \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435 (\u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0440\u0430\u0437\u0446\u0430 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 Mercedes B180), \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0438\u043c\u0435\u043b\u0441\u044f \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f DoS-\u0430\u0442\u0430\u043a, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044e, \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043a\u0440\u0430\u0436\u0438 \u0432 \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f \u0438 \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u0443\u0441\u043b\u0443\u0433\u0438.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 USB, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0443\u044e \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e. \n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c: CVE-2024-37601 - CVE-2024-37603, CVE-2023-34397 - CVE-2023-34404, CVE-2023-34406.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u043e \u043a\u0430\u0436\u0434\u043e\u0439 CVE - \u0437\u0434\u0435\u0441\u044c, \u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-01-20T18:30:05.000000Z"}, {"uuid": "7296edd7-9a45-4938-ac7f-bd13553eeb10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3440", "type": "seen", "source": "https://t.me/cibsecurity/71460", "content": "\u203c CVE-2023-3440 \u203c\n\nIncorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before\u00c2\u00a0 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before\u00c2\u00a0 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-03T07:41:03.000000Z"}]}