Daimler Mercedes Comand 17-13.0 50.12 Navigation Route Calculation data processing
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.2 | $0-$5k | 0.23 |
A vulnerability was found in Daimler Mercedes Comand 17-13.0 50.12 (Vehicle Software). It has been declared as critical. It affects unspecified code in the Navigation Route Calculation component. Manipulation with an unknown input leads to a data processing vulnerability, classified as CWE-19. The known impact is on availability.
The bug was discovered on 07/13/2018. The weakness was published on 10/09/2018 by Marc Ruef with scip AG as VulDB 125080, a confirmed entry (VulDB). The advisory is available for download at vuldb.com. The public release happened without coordination with the vendor. This vulnerability has been named CVE-2018-18070 since 10/09/2018. The attack can be initiated remotely. A single authentication is needed for exploitation. Technical details are unknown, but a private exploit is available. Defining or receiving a specific route might cause the Comand system to freeze and reboot after a few seconds. Whenever the system starts up again, it tries to recalculate the route, which causes a boot loop. Under certain circumstances it is possible to quickly overwrite the malicious route to regain stability of the system.
A private exploit has been developed by Marc Ruef. It is declared as functional. The vulnerability was handled as a non-public zero-day exploit for at least 88 days. During that time the estimated underground price was around $0-$5k. The real existence of this vulnerability is still doubted at the moment. A local attacker might define a specific route, or a remote attacker might use the Mercedes Me App to send a specific route.
The vendor was contacted for the first time on 08/06/2018 and gave assurance that it would get back to the researcher. No further contact happened, which is why a second request was sent on 09/11/2018. The vendor did not respond until 10/09/2018. In the meantime the vendor claims that an affected device will be reset after four hours of not being used. It was not possible to confirm that.
Additional details are provided at scip.ch.
Affected
- Mercedes C Class 2018
CVSSv3
VulDB Meta Base Score: 6.2
VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.4
NVD Base Score: 5.9
Exploiting
Class: Data processing
CWE: CWE-19
ATT&CK: Unknown
Local: No
Remote: Yes
Access: Private
Status: Functional
Author: Marc Ruef
Countermeasures
Recommended: no mitigation known
Timeline
07/13/2018
08/06/2018
08/06/2018
10/09/2018
10/09/2018
10/09/2018
10/09/2018
05/23/2023
Sources
Advisory: VulDB 125080
Researcher: Marc Ruef
Organization: scip AG
Status: Confirmed
CVE: CVE-2018-18070
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 10/09/2018 08:47
Updated: 05/23/2023 12:20
Changes: 10/09/2018 08:47 (78), 08/05/2020 18:36 (1), 05/23/2023 12:20 (4)