CVE-2020-8539

Name of the Vulnerable Software and Affected Versions Kia Motors Head Unit versions SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209

Description The issue allows an attacker to inject unauthorized commands by executing the micomd executable daemon, triggering unintended functionalities. This executable can also be used to inject commands that generate CAN frames sent into the M-CAN bus of the vehicle.

Recommendations For version SOP.003.30.18.0703, consider disabling the micomd executable daemon as a temporary workaround until a patch is available. For version SOP.005.7.181019, restrict access to the micomd executable daemon to minimize the risk of exploitation. For version SOP.007.1.191209, avoid using the micomd executable daemon in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.