CVE-2015-5611

Name of the Vulnerable Software and Affected Versions Uconnect versions prior to 15.26.1

Description The issue allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings. This is achieved via vectors related to modification of entertainment-system firmware and access of the CAN bus due to insufficient "Radio security protection." A demonstration of this issue was performed on a 2014 Jeep Cherokee Limited FWD.

Recommendations For versions prior to 15.26.1, update to version 15.26.1 or later to resolve the issue.