Vulnerability Details : CVE-2020-5551
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected.
Vulnerability category: Denial of service
Products affected by CVE-2020-5551
- cpe:2.3:h:toyota:display_control_unit:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-5551
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-5551
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4
|
MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |
5.5
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-5551
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-5551
-
https://jvn.jp/en/vu/JVNVU99396686/index.html
JVNVU#99396686: A vulnerability in TOYOTA MOTOR's DCU (Display Control Unit)Third Party Advisory
-
https://global.toyota/en/newsroom/corporate/32120629.html
Toyota Acknowledges Tencent Keen Security Lab's Initiatives for Improving Automotive Cybersecurity | Corporate | Global Newsroom | Toyota Motor Corporation Official Global WebsiteExploit;Vendor Advisory
Jump to