{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6348","assignerOrgId":"c15abc07-96a9-4d11-a503-5d621bfe42ba","state":"PUBLISHED","assignerShortName":"ASRG","dateReserved":"2024-06-26T10:31:26.483Z","datePublished":"2024-08-19T15:12:25.216Z","dateUpdated":"2024-08-19T19:26:54.514Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Blind Spot Protection Sensor"],"packageName":"ECU","product":"Altima","vendor":"Nissan","versions":[{"status":"unknown","version":"Altima 2022"}]}],"credits":[{"lang":"en","type":"finder","value":"Thomas Sermpinis"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests."}],"value":"Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests."}],"impacts":[{"capecId":"CAPEC-112","descriptions":[{"lang":"en","value":"CAPEC-112: Brute Force - An attacker can use brute force techniques to pre-calculate keys for the known seeds"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":5.3,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/V:D/RE:H","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"HIGH"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-330","description":"CWE-330: Use of Insufficiently Random Values","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"c15abc07-96a9-4d11-a503-5d621bfe42ba","shortName":"ASRG","dateUpdated":"2024-08-19T15:12:25.216Z"},"references":[{"url":"https://asrg.io/security-advisories/"}],"source":{"discovery":"UNKNOWN"},"title":"Predictable seed generation after ECU reset","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-19T19:26:41.720231Z","id":"CVE-2024-6348","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-19T19:26:54.514Z"}}]}}