PT-2020-17028 · Volkswagen · Discover Media

Published: 2020-11-16 · Updated: 2020-12-02 · CVE-2020-28656

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Volkswagen Polo 2019 Discover Media infotainment system

Description: The issue concerns the update functionality of the Discover Media infotainment system, which allows physically proximate attackers to execute arbitrary code. This is possible because some unsigned parts of a metainfo file are parsed, leading to the potential for attacker-controlled files to be written to the infotainment system and executed as root.

Recommendations: For the Volkswagen Polo 2019 Discover Media infotainment system, consider restricting physical access to the system to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the update functionality that parses unsigned parts of metainfo files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2020-28656

Affected Products

Discover Media