PT-2017-18791 · Bmw · Bmw 330I
Published
2017-05-23
·
Updated
2019-10-03
·
CVE-2017-9212
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
BMW 330i 2011
Description
The issue concerns the Bluetooth stack, which allows a remote crash of the CD/Multimedia software. This can be achieved by using
%x or %c format string specifiers in a device name.Recommendations
For the BMW 330i 2011, consider restricting the use of Bluetooth devices with specially crafted names to minimize the risk of exploitation. Avoid using the
%x or %c format string specifiers in device names until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bmw 330I