CVE-2023-28898

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 12, 2024
Updated: Jan 22, 2024
CWE ID 233

Summary

CVE-2023-28898 is a newly discovered vulnerability affecting the Real-Time Streaming Protocol implementation in the MIB3 infotainment system of Škoda Superb III (3V3) 2.0 TDI vehicles produced in 2022. The issue lies in the way the system handles requests to the /logs URI when the id parameter equals zero. This vulnerability can be exploited by an attacker on the in-vehicle Wi-Fi network, causing a denial-of-service to the infotainment system under specific conditions. The precise implications of this vulnerability for vehicle safety and functionality are yet to be fully understood.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share