CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6348 – Predictable seed generation after ECU reset
https://notcve.org/view.php?id=CVE-2024-6348
19 Aug 2024 — Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests. • https://asrg.io/security-advisories • CWE-330: Use of Insufficiently Random Values •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6347 – Unauthorized access to ECU functionality
https://notcve.org/view.php?id=CVE-2024-6347
15 Aug 2024 — * Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU's programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication. • https://asrg.io/security-advisories/CVE-2024-6347 • CWE-285: Improper Authorization CWE-306: Missing Authentication for Critical Function •