Vulnerability Details CVE-2020-28656
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.9%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
Products affected by CVE-2020-28656
-
cpe:2.3:h:vw:polo:-
-
cpe:2.3:o:vw:polo_firmware:2019