CVE-2023-34401: Low severity Mercedes-Benz Headunit NTG6 Mercedes-Benz User Experience vulnerability
The Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the profile folder there is a file that is encoded with the proprietary UD2 codec. Due to missing size checks in the encapsulated file, an attacker can achieve an out-of-bounds read in heap memory.
Frequently Asked Questions
What is the severity of CVE-2023-34401?
CVE-2023-34401 has been classified as a high severity vulnerability due to the potential for an attacker to exploit an out-of-bounds read in heap memory.
How do I fix CVE-2023-34401?
To mitigate CVE-2023-34401, ensure that your Mercedes-Benz head-unit NTG6 is updated to the latest available software version provided by the manufacturer.
What systems are affected by CVE-2023-34401?
CVE-2023-34401 specifically affects the Mercedes-Benz head-unit NTG6 with versions up to and including 2021.
What is the impact of CVE-2023-34401 on vehicle security?
The impact of CVE-2023-34401 includes potential unauthorized access to sensitive data associated with user profiles, increasing risks of privacy breaches.
Is there a workaround for CVE-2023-34401?
Currently, there are no documented workarounds for CVE-2023-34401, and the best course of action is to apply the appropriate software updates.