PT-2023-5021 · Harman · Harman Infotainment

Published: 2023-08-13 · Updated: 2023-08-21 · CVE-2023-40291

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Harman Infotainment version 20190525031613

Description

The issue allows root access via SSH over a USB-to-Ethernet dongle, using a password that is an internal project name. It is related to inadequate access control in the navigation and multimedia systems designed for use in ground vehicles. Exploitation of the issue may enable an attacker to gain root access through SSH over a USB-to-Ethernet dongle using that password.

Recommendations

For Harman Infotainment version 20190525031613, consider disabling SSH access via USB-to-Ethernet dongles as a temporary workaround until a patch is available. Restrict access to the system using strong passwords and ensure that internal project names are not used as passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Access Control
Incorrect Privilege Assignment

Related Identifiers

BDU:2023-05560
CVE-2023-40291

Affected Products

Harman Infotainment