How severe is CVE-2018-18203?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2018-18203?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2018-18203

MEDIUM Year: 2018

CVSS v3 Score

6.4

Medium

CVSS v2 Score

6.9

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user.

CVE-2019-1809

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software pa...

CWE-3472019

CVE-2020-15705

MEDIUM

CVSS:6.4(Medium)

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported direct...

CWE-3472020

CVE-2021-34709

MEDIUM

CVSS:6.4(Medium)

Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software fo...

CWE-3472021

CVE-2022-47549

MEDIUM

CVSS:6.4(Medium)

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verif...

CWE-3472022

CVE-2024-2451

MEDIUM

CVSS:6.4(Medium)

Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via ex...

CWE-3472024

CVE-2017-10669

MEDIUM

CVSS:6.5(Medium)

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must...

CWE-3472017

CVE-2018-18203

Vulnerability Description

Related Vulnerabilities

CVE-2019-1809

CVE-2020-15705

CVE-2021-34709

CVE-2022-47549

CVE-2024-2451

CVE-2017-10669