CVE-2018-9322

Name of the Vulnerable Software and Affected Versions BMW HU NBT (Infotainment) component versions (affected versions not specified)

Description The issue allows local attacks through the USB or OBD-II interface, enabling an attacker to bypass the code-signing protection mechanism for firmware updates and obtain a root shell. This affects various BMW vehicle series produced between 2012 and 2018.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.