Vulnerability Details CVE-2019-14951
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-14951
-
cpe:2.3:a:telenav:scout_gps_link:1.0.101
-
cpe:2.3:a:telenav:scout_gps_link:1.0.103
-
cpe:2.3:a:telenav:scout_gps_link:1.0.105
-
cpe:2.3:a:telenav:scout_gps_link:1.0.107
-
cpe:2.3:a:telenav:scout_gps_link:1.0.109
-
cpe:2.3:a:telenav:scout_gps_link:1.0.16
-
cpe:2.3:a:telenav:scout_gps_link:1.0.29
-
cpe:2.3:a:telenav:scout_gps_link:1.0.32
-
cpe:2.3:a:telenav:scout_gps_link:1.0.38
-
cpe:2.3:a:telenav:scout_gps_link:1.0.4
-
cpe:2.3:a:telenav:scout_gps_link:1.0.45
-
cpe:2.3:a:telenav:scout_gps_link:1.0.47
-
cpe:2.3:a:telenav:scout_gps_link:1.0.5
-
cpe:2.3:a:telenav:scout_gps_link:1.0.53
-
cpe:2.3:a:telenav:scout_gps_link:1.0.59
-
cpe:2.3:a:telenav:scout_gps_link:1.0.65
-
cpe:2.3:a:telenav:scout_gps_link:1.0.75
-
cpe:2.3:a:telenav:scout_gps_link:1.0.81
-
cpe:2.3:a:telenav:scout_gps_link:1.0.83
-
cpe:2.3:a:telenav:scout_gps_link:1.0.85
-
cpe:2.3:a:telenav:scout_gps_link:1.0.87
-
cpe:2.3:a:telenav:scout_gps_link:1.0.93
-
cpe:2.3:a:telenav:scout_gps_link:1.0.95
-
cpe:2.3:a:telenav:scout_gps_link:1.0.97
-
cpe:2.3:a:telenav:scout_gps_link:1.0.99