CVE-2020-15912 - OpenCVE

Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tesla	Model 3 Firmware Model 3

Configuration 1 [-]

AND

cpe:2.3:o:tesla:model_3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*

References

Link	Resource
https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers	Third Party Advisory
https://twitter.com/Kevin2600/status/1218892338182836224	Third Party Advisory
https://www.carhackingvillage.com/speaker-bios#htm3nrr	Broken Link
https://www.youtube.com/watch?v=VYKsfgox-bs	Third Party Advisory
https://www.youtube.com/watch?v=kQWg-Ywv3S4	Third Party Advisory
https://www.youtube.com/watch?v=nn-_3AbtEkI	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-23T14:40:19

Updated: 2024-06-11T16:25:14.945Z

Reserved: 2020-07-23T00:00:00

Link: CVE-2020-15912

JSON object: View

NVD Information

Status : Modified

Published: 2020-07-23T15:15:12.040

Modified: 2024-06-11T17:15:49.737

Link: CVE-2020-15912

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-10T12:21:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=kQWg-Ywv3S4"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=VYKsfgox-bs"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/Kevin2600/status/1218892338182836224"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=nn-_3AbtEkI"}, {"tags": ["x_refsource_MISC"], "url": "https://www.carhackingvillage.com/speaker-bios#htm3nrr"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15912", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers", "refsource": "MISC", "url": "https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers"}, {"name": "https://www.youtube.com/watch?v=kQWg-Ywv3S4", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=kQWg-Ywv3S4"}, {"name": "https://www.youtube.com/watch?v=VYKsfgox-bs", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=VYKsfgox-bs"}, {"name": "https://twitter.com/Kevin2600/status/1218892338182836224", "refsource": "MISC", "url": "https://twitter.com/Kevin2600/status/1218892338182836224"}, {"name": "https://www.youtube.com/watch?v=nn-_3AbtEkI", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=nn-_3AbtEkI"}, {"name": "https://www.carhackingvillage.com/speaker-bios#htm3nrr", "refsource": "MISC", "url": "https://www.carhackingvillage.com/speaker-bios#htm3nrr"}]}}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T16:25:07.278236Z", "id": "CVE-2020-15912", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T16:25:14.945Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15912", "datePublished": "2020-07-23T14:40:19", "dateReserved": "2020-07-23T00:00:00", "dateUpdated": "2024-06-11T16:25:14.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tesla:model_3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7310A3BA-56B9-4A82-A4B8-65ACA3C3D024", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "825A79FD-C872-4564-9782-83BEEADDF5D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue"}, {"lang": "es", "value": "**EN DISPUTA** Los veh\u00edculos Tesla Model 3, permiten a atacantes abrir una puerta al aprovechar el acceso a una tarjeta de acceso leg\u00edtima y luego usar el NFC Relay. NOTA: el proveedor ha desarrollado Pin2Drive para mitigar este problema"}], "id": "CVE-2020-15912", "lastModified": "2024-06-11T17:15:49.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-23T15:15:12.040", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cansecwest.com/post/2020-03-09-22:00:00_2020_Speakers"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/Kevin2600/status/1218892338182836224"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.carhackingvillage.com/speaker-bios#htm3nrr"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.youtube.com/watch?v=VYKsfgox-bs"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.youtube.com/watch?v=kQWg-Ywv3S4"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=nn-_3AbtEkI"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}