CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6032

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The specific flaw exists within the ql_atfwd process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code on the target modem in the context of root. Was ZDI-CAN-23201.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.1%

CVSS Severity

CVSS v3 Score 7.8

References

https://www.zerodayinitiative.com/advisories/ZDI-25-264/

Products affected by CVE-2024-6032

Tesla » Model S » Version: N/A

cpe:2.3:h:tesla:model_s:-
Tesla » Model S Firmware » Version: N/A

cpe:2.3:o:tesla:model_s_firmware:-
Tesla » Model S Firmware » Version: 2022-03-26

cpe:2.3:o:tesla:model_s_firmware:2022-03-26
Tesla » Model S Firmware » Version: 2022.16.0.3

cpe:2.3:o:tesla:model_s_firmware:2022.16.0.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6032

Products

Pricing

Contact Us