How severe is CVE-2018-1170?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-1170?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2018-1170 - HIGH Severity | CVSS 8.8

Vulnerability Description

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.

Related Vulnerabilities

CVE-2017-10952

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932017

CVE-2018-14280

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932018

CVE-2018-14281

HIGH

CVSS:8.8(High)

CWE-6932018

CVE-2019-13516

HIGH

CVSS:8.8(High)

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

CWE-6932019

CVE-2021-31982

HIGH

CVSS:8.8(High)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932021

CVE-2022-22761

HIGH

CVSS:8.8(High)

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This v...

CWE-6932022