CVE Vulnerability

CVE-2022-37709

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://youtu.be/cPhYW5FzA9A Exploit Third Party Advisory
https://fmsh-seclab.github.io/ Exploit Technical Description
https://github.com/fmsh-seclab/TesMla Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:tesla:tesla:4.23:*:*:*:*:android:*:*
Information

Published : 2022-09-16 10:15

Updated : 2022-09-23 01:20

NVD link : CVE-2022-37709

Mitre link : CVE-2022-37709

Products Affected

Model 3 Firmware

Tesla

CWE
CWE-290

Authentication Bypass by Spoofing