jvndb - jvndb-2020-002957

jvndb-2020-002957

Vulnerability from jvndb

Published

2024-08-20 18:12

Modified

2024-08-20 18:12

Severity

8.2 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Summary

A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit)

Details

TOYOTA MOTOR's DCU contains a vulnerability which is triggered by BlueBorne vulnerability. TOYOTA MOTER CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

References

Type	URL
JVN	https://jvn.jp/en/vu/JVNVU99396686/index.html
CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5551
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5551
CERT-VN	https://www.kb.cert.org/vuls/id/240311/
Related document	https://keenlab.tencent.com/en/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/
Incorrect Default Permissions(CWE-276)	https://cwe.mitre.org/data/definitions/276.html

Impacted products

Vendor	Product
TOYOTA MOTOR CORPORATION	Display Control Unit

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002957.html",
  "dc:date": "2024-08-20T18:12+09:00",
  "dcterms:issued": "2024-08-20T18:12+09:00",
  "dcterms:modified": "2024-08-20T18:12+09:00",
  "description": "TOYOTA MOTOR\u0027s DCU contains a vulnerability which is triggered by BlueBorne vulnerability.\r\n\r\nTOYOTA MOTER CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-002957.html",
  "sec:cpe": {
    "#text": "cpe:/h:toyota:display_control_unit",
    "@product": "Display Control Unit",
    "@vendor": "TOYOTA MOTOR CORPORATION",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:H/Au:N/C:C/I:C/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.2",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-002957",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU99396686/index.html",
      "@id": "JVNVU#99396686",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5551",
      "@id": "CVE-2020-5551",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5551",
      "@id": "CVE-2020-5551",
      "@source": "NVD"
    },
    {
      "#text": "https://www.kb.cert.org/vuls/id/240311/",
      "@id": "VU#240311",
      "@source": "CERT-VN"
    },
    {
      "#text": "https://keenlab.tencent.com/en/2020/03/30/Tencent-Keen-Security-Lab-Experimental-Security-Assessment-on-Lexus-Cars/",
      "@id": "Tencent Keen Security Lab",
      "@source": "Related document"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/276.html",
      "@id": "CWE-276",
      "@title": "Incorrect Default Permissions(CWE-276)"
    }
  ],
  "title": "A vulnerability in TOYOTA MOTOR\u0027s DCU (Display Control Unit)"
}

cve-2020-5551

Vulnerability from cvelistv5

Published

2020-03-30 04:05

Modified

2024-08-04 08:30

Severity

Summary

Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected.

References

URL	Tags
https://jvn.jp/en/vu/JVNVU99396686/index.html	x_refsource_MISC
https://global.toyota/en/newsroom/corporate/32120629.html	x_refsource_MISC

Impacted products

Vendor	Product
TOYOTA MOTOR CORPORATION	DCU (Display Control Unit)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU99396686/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://global.toyota/en/newsroom/corporate/32120629.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DCU (Display Control Unit)",
          "vendor": "TOYOTA MOTOR CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "2017 Model Year"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-30T04:05:13",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/vu/JVNVU99396686/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://global.toyota/en/newsroom/corporate/32120629.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DCU (Display Control Unit)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017 Model Year"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TOYOTA MOTOR CORPORATION"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial-of-service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/vu/JVNVU99396686/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/vu/JVNVU99396686/index.html"
            },
            {
              "name": "https://global.toyota/en/newsroom/corporate/32120629.html",
              "refsource": "MISC",
              "url": "https://global.toyota/en/newsroom/corporate/32120629.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5551",
    "datePublished": "2020-03-30T04:05:13",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

jvndb-2020-002957

Vulnerability from jvndb

cve-2020-5551

Vulnerability from cvelistv5

Tags