CVE-2023-28912

Name of the Vulnerable Software and Affected Versions: MIB3 unit (affected versions not specified)

Description: The issue concerns the storage of the synchronized phone contact book in clear-text by the MIB3 unit. This allows an attacker with either code execution privilege on the system or physical access to the system to obtain the vehicle owner's contact data. The vulnerability was originally discovered in a Skoda Superb III car with an MIB3 infotainment unit.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.