How severe is CVE-2022-3093?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2022-3093?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2022-3093 - HIGH Severity | CVSS 7.6

Vulnerability Description

This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.

Related Vulnerabilities

CVE-2019-7347

HIGH

CVSS:7.5(High)

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a no...

CWE-3672019

CVE-2020-14674

HIGH

CVSS:7.5(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult t...

CWE-3672020

CVE-2020-14675

HIGH

CVSS:7.5(High)

CWE-3672020

CVE-2020-14677

HIGH

CVSS:7.5(High)

CWE-3672020

CVE-2021-20181

HIGH

CVSS:7.5(High)

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating thei...

CWE-3672021

CVE-2021-22043

HIGH

CVSS:7.5(High)

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escala...

CWE-3672021