// For flags

CVE-2018-18071

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.

Se ha descubierto un problema en la aplicación Daimler Mercedes-Benz Me 2.11.0-846 para iOS. El intercambio de datos cifrados de la API Connected Vehicle entre la aplicación y un servidor podría interceptarse. La aplicación puede emplearse para operar Remote Parking Pilot, desbloquear el vehículo u obtener información sensible como la latitud, longitud y dirección del viaje.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-10-09 CVE Reserved
  • 2018-10-09 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://vuldb.com/?id.125081 2024-09-17
https://www.scip.ch/en/?labs.20180405 2024-09-17
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mercedes-benz
Search vendor "Mercedes-benz"
 Mercedes Me
Search vendor "Mercedes-benz" for product "Mercedes Me"
 2.11.0
Search vendor "Mercedes-benz" for product "Mercedes Me" and version "2.11.0"
iphone_os
Affected