CVE-2022-37418

Severity Score

6.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

La unidad receptora de entrada remota sin llave (RKE) en determinados vehículos Nissan, Kia y Hyundai versiones hasta 2017, permite a atacantes remotos llevar a cabo operaciones de desbloqueo y forzar una resincronización después de capturar dos señales válidas consecutivas del llavero a través de la radio, también se conoce como un ataque RollBack. El atacante conserva la capacidad de desbloquear indefinidamente.

*Credits: N/A

CVSS Scores

NISTv3.1 6.4

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-05 CVE Reserved
2022-08-24 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-11-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-294: Authentication Bypass by Capture-replay

CAPEC

References (5)

URL	Tag	Source
https://www.pcmag.com/news/is-your-car-key-fob-vulnerable-to-this-simple-replay-attack	Media Coverage

URL	Date	SRC
https://hackaday.com/2022/08/17/rollback-breaks-into-your-car	2024-08-03
https://medium.com/codex/rollback-a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-df5f99ba9490	2024-08-03
https://www.blackhat.com/us-22/briefings/schedule/#rollback---a-new-time-agnostic-replay-attack-against-the-automotive-remote-keyless-entry-systems-27185	2024-08-03
https://www.youtube.com/playlist?list=PLYodcy84oQL1gxwiuRm13xRXxTQL9cO5t	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nissan Search vendor "Nissan"	Nissan Firmware Search vendor "Nissan" for product "Nissan Firmware"	<= 2017 Search vendor "Nissan" for product "Nissan Firmware" and version " <= 2017"	-	Affected	in	Nissan Search vendor "Nissan"	Nissan Search vendor "Nissan" for product "Nissan"	-	-	Safe
Kia Search vendor "Kia"	Kia Firmware Search vendor "Kia" for product "Kia Firmware"	<= 2017 Search vendor "Kia" for product "Kia Firmware" and version " <= 2017"	-	Affected	in	Kia Search vendor "Kia"	Kia Search vendor "Kia" for product "Kia"	-	-	Safe
Hyundai Search vendor "Hyundai"	Hyundai Firmware Search vendor "Hyundai" for product "Hyundai Firmware"	<= 2017 Search vendor "Hyundai" for product "Hyundai Firmware" and version " <= 2017"	-	Affected	in	Hyundai Search vendor "Hyundai"	Hyundai Search vendor "Hyundai" for product "Hyundai"	-	-	Safe