CVE-2024-6348 MEDIUM

CVE-2024-6348: Predictable seed generation after ECU reset

Weakness CWE-330 · Insufficient randomness
Published August 19, 2024
Last update August 19, 2024

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/V:D/RE:H

What the vulnerability does

01Description

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

Key dates

02Disclosure timeline

August 19, 2024 CVE published
August 19, 2024 Record updated