IP Address Disclosure in Harman Infotainment Systems via CarPlay CTRL
CVE-2023-40292

4.3MEDIUM

Key Information:

Vendor: Samsung
Status: Harman Infotainment
Vendor: CVE Published:; 14 August 2023

Summary

Harman Infotainment systems starting from version 20190525031613 expose sensitive IP address information through CarPlay CTRL packets. This vulnerability poses a risk as unauthorized individuals could exploit this information to target vehicles and their systems more effectively, leading to potential privacy and security breaches. Users of these infotainment systems should be aware of this issue and take necessary precautions.

References

https://autohack.in/2023/07/26/dude-its-my-car-how-to-dev...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Aug 14, 2023