KEVIntel
CVSS 6.8 Medium

CVE-2023-29389

PUBLISHED

Exploited in the wild · Low complexity · No user interaction
Vendor: Toyota
Product: RAV4 2021
Published: Apr 05, 2023

Description

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.

CVSS scores

CVSS v3.1 6.8 Medium

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-04-05 00:00:00 UTC

SSVC decision points

Exploitation: none
Automatable: No
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE Apr 05, 2023

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel