PT-2016-5131 · Lemur Vehicle Monitors · Bluedriver

Dan Klinedinst · Published 2016-04-22 · Updated 2016-05-31 · CVE-2016-2354

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lemur Vehicle Monitors BlueDriver versions prior to 2016-04-07

Description

The issue concerns the Bluetooth functionality, which allows for unrestricted pairing without a PIN. This enables remote attackers to send arbitrary CAN commands by accessing a device inside or adjacent to the vehicle. For example, an attacker could disrupt braking or steering by sending a specific CAN command.

Recommendations

For versions prior to 2016-04-07, consider disabling the Bluetooth functionality until a fix is available to prevent unauthorized access. Restrict physical access to the vehicle and its devices to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2016-2354

Affected Products

Bluedriver