CVE-2023-28898
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-28898 is a newly discovered vulnerability affecting the Real-Time Streaming Protocol implementation in the MIB3 infotainment system of Škoda Superb III (3V3) 2.0 TDI vehicles produced in 2022. The issue lies in the way the system handles requests to the /logs URI when the id parameter equals zero. This vulnerability can be exploited by an attacker on the in-vehicle Wi-Fi network, causing a denial-of-service to the infotainment system under specific conditions. The precise implications of this vulnerability for vehicle safety and functionality are yet to be fully understood.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Skoda Auto