all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-972: (Pwn2Own) Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability

Add to bookmarks
July 18, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability.

arbitrary code attackers bypass bypass vulnerability code exploit firmware gateway infotainment network order privileged pwn2own signature system tesla validation vehicles vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers bluetooth code +20
ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16
ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +17
ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 8 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer

@ LiquidX | Singapore, Central Singapore, Singapore
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Application Security Engineer

@ Yassir | worldwide
View on infosec-jobs.com

Senior Windows Threat & Detection Security Researcher (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

MDR Security Analyst

@ SentinelOne | Israel
View on infosec-jobs.com

Principal Security Research Engineer (Prisma Cloud)

@ Palo Alto Networks | Bengaluru, India
View on infosec-jobs.com
View more jobs