CVE-2024-6029

MEDIUM Year: 2024
CVSS v3 Score
5.0
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197.

Related Vulnerabilities

CVE-2018-16872

MEDIUM
CVSS:5.0(Medium)

A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the ...

CWE-3672018

CVE-2024-27361

MEDIUM
CVSS:5.1(Medium)

A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to tim...

CWE-3672024

CVE-2024-49768

MEDIUM
CVSS:4.8(Medium)

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP ...

CWE-3672024

CVE-2013-4235

MEDIUM
CVSS:4.7(Medium)

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CWE-3672013

CVE-2015-7810

MEDIUM
CVSS:4.7(Medium)

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

CWE-3672015

CVE-2017-11830

MEDIUM
CVSS:5.3(Medium)

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security fe...

CWE-3672017