ID

VAR-202003-1421


CVE

CVE-2020-5551


TITLE

Made by Toyota DCU ( Display control unit ) Vulnerability to

Trust: 0.8

sources: JVNDB: JVNDB-2020-002957

DESCRIPTION

Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge of the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. The Toyota-made DCU (Display Control Unit) contains a vulnerability resulting from the BlueBorne vulnerability. This vulnerability information was reported to JPCERT/CC by the developer for the purpose of disseminating it to product users, and JPCERT/CC coordinated with the developer. A third party could carry out a denial-of-service (DoS) attack against the DCU or execute an arbitrary command. Operations may also be performed on the vehicle via the DCU. According to the developer, it has been confirmed that vehicle motion control such as driving, turning, and stopping is not affected. For details, see [Vendor Information] and [Reference Information].

Trust: 2.16

sources: NVD: CVE-2020-5551 // JVNDB: JVNDB-2020-002957 // CNVD: CNVD-2020-29577

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29577

AFFECTED PRODUCTS

vendor: toyota, model: display control unit, scope: eq, version: -

Trust: 1.0

vendor: toyota motor, model: display control unit, scope: -, version: -

Trust: 0.8

vendor: toyota, model: display control unit, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-29577 // JVNDB: JVNDB-2020-002957 // NVD: CVE-2020-5551

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5551
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-002957
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-29577
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-1698
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-5551
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2020-002957
severity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:P
accessVector: ADJACENT NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29577
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-5551
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2020-002957
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29577 // JVNDB: JVNDB-2020-002957 // CNNVD: CNNVD-202003-1698 // NVD: CVE-2020-5551

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

sources: NVD: CVE-2020-5551

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1698

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-1698

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002957

PATCH

title: Tencent Keen Security Lab's contribution to improving automotive cybersecurity and Toyota Motor Corporation's efforts
url: https://global.toyota/jp/newsroom/corporate/32120597.html

Trust: 0.8

title: Patch for Toyota 2017 Model Year DCU arbitrary code execution vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/218507

Trust: 0.6

title: Toyota 2017 Model Year DCU Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113097

Trust: 0.6

sources: CNVD: CNVD-2020-29577 // JVNDB: JVNDB-2020-002957 // CNNVD: CNNVD-202003-1698

EXTERNAL IDS

db: NVD, id: CVE-2020-5551

Trust: 3.0

db: JVN, id: JVNVU99396686

Trust: 2.4

db: CERT/CC, id: VU#240311

Trust: 0.8

db: JVNDB, id: JVNDB-2020-002957

Trust: 0.8

db: CNVD, id: CNVD-2020-29577

Trust: 0.6

db: CNNVD, id: CNNVD-202003-1698

Trust: 0.6

sources: CNVD: CNVD-2020-29577 // JVNDB: JVNDB-2020-002957 // CNNVD: CNNVD-202003-1698 // NVD: CVE-2020-5551

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-5551

Trust: 2.0

url:https://jvn.jp/en/vu/jvnvu99396686/index.html

Trust: 1.6

url:https://global.toyota/en/newsroom/corporate/32120629.html

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5551

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99396686/index.html

Trust: 0.8

url:https://www.kb.cert.org/vuls/id/240311/

Trust: 0.8

url:https://keenlab.tencent.com/en/2020/03/30/tencent-keen-security-lab-experimental-security-assessment-on-lexus-cars/

Trust: 0.8

sources: CNVD: CNVD-2020-29577 // JVNDB: JVNDB-2020-002957 // CNNVD: CNNVD-202003-1698 // NVD: CVE-2020-5551

CREDITS

Tencent Cohen Lab

Trust: 0.6

sources: CNNVD: CNNVD-202003-1698

SOURCES

db: CNVD, id: CNVD-2020-29577
db: JVNDB, id: JVNDB-2020-002957
db: CNNVD, id: CNNVD-202003-1698
db: NVD, id: CVE-2020-5551

LAST UPDATE DATE

2024-08-14T12:42:54.433000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-29577, date: 2020-05-24T00:00:00
db: JVNDB, id: JVNDB-2020-002957, date: 2020-04-21T00:00:00
db: CNNVD, id: CNNVD-202003-1698, date: 2020-04-07T00:00:00
db: NVD, id: CVE-2020-5551, date: 2020-04-03T22:45:52.570

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-29577, date: 2020-05-22T00:00:00
db: JVNDB, id: JVNDB-2020-002957, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-1698, date: 2020-03-30T00:00:00
db: NVD, id: CVE-2020-5551, date: 2020-03-30T05:15:27.140