|
[Japanese]
|
JVNDB-2020-002957
|
A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit)
|
|
TOYOTA MOTOR's DCU contains a vulnerability which is triggered by BlueBorne vulnerability.
TOYOTA MOTER CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 8.2 (High) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Partial
|
|
|
TOYOTA MOTOR CORPORATION
|
2017 Model Year DCUs are affected.
These DCUs are mounted on the vehicles listed below:
* Vehicle: LC, LS, NX, RC, RC-F, CAMRY, SIENNA
* The period of time: October 2016 to October 2019
* Region: Worldwide regions except Japan
For details, refer to [Vendor Status].
|
|
An unauthenticated attacker may cause a denial of service (DoS) condition or execute an arbitrary command on the DCU.
Certain vehicle operations may be conducted via DCU.
According to the developer, critical vehicle controls such as driving, turning, and stopping are not affected.
For details, refer to the information under [Vendor Status] and [References].
|
|
[Update DCU]
The developer states that the update fixing this vulnerability is available.
For the details, refer to [Vendor Status].
|
|
TOYOTA MOTOR CORPORATION
|
|
- Incorrect Default Permissions(CWE-276) [NVD Evaluation]
|
|
- CVE-2020-5551
|
|
- JVN : JVNVU#99396686
- National Vulnerability Database (NVD) : CVE-2020-5551
- US-CERT Vulnerability Note : VU#240311
- Related document : Tencent Keen Security Lab
|
|
- [2024/08/20]
Web page was published
|
