CVE-2023-32156

CRITICAL Year: 2023
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-367
View all →

Vulnerability Description

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla's Gateway ECU. . Was ZDI-CAN-20734.

Related Vulnerabilities

CVE-2019-19793

HIGH
CVSS:8.8(High)

In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges.

CWE-3672019

CVE-2019-9486

HIGH
CVSS:8.8(High)

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoi...

CWE-3672019

CVE-2024-23463

HIGH
CVSS:8.8(High)

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to ...

CWE-3672024

CVE-2024-24993

HIGH
CVSS:8.8(High)

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

CWE-3672024

CVE-2024-24995

HIGH
CVSS:8.8(High)

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.

CWE-3672024