Wednesday, October 14, 2020

Audi A7 2014 MMI Mishandles the Format-string Specifiers

Date: 2020-10-13

Author: Kevin2600

CVE: CVE-2020-27524

Version:  Audi A7 2014 MMI

Vendor: https://www.audi.com/en.html


Attack-Vector: 

The Audi A7 2014 MMI infotainment system improperly handles format-string specifiers. Simply renaming the mobile phone's Bluetooth name to "%x%x%x%x%x" or other specifiers causes the MMI to leak memory contents or even crashes the service.


Reproduce-Steps:

1) Rename the phone's Bluetooth name to "%x%x%x%x%x"

2) Connect to the Audi's MMI IVI as normal through Bluetooth connection. 

3) Start the Multimedia player and listen to music. In general, the Music source name will appear as normal. 


But if we set the name to format-string specifiers, the music source name leaks memory contents instead, and some specifiers even crash the services.
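The behaviour described above is what happens when a peer-supplied name is handed to a printf-family function as the format string. The following is an added example, not code from the advisory or from the MMI (whose source is not shown on this page); it assumes that call pattern, and the function names are hypothetical. It puts the vulnerable pattern beside the hardened one, plus a small helper for flagging such names.

```c
/* Added illustration of the bug class; not Audi MMI code. Names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Warnings silenced only so this demo builds; real builds should keep
 * -Wformat -Werror=format-security so the line below fails to compile. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* Vulnerable pattern: the peer-controlled name is the format string, so each
 * "%x" makes snprintf fetch an argument that was never passed. */
void label_vulnerable(char *out, size_t n, const char *bt_name) {
    snprintf(out, n, bt_name);
}
#pragma GCC diagnostic pop

/* Hardened pattern: constant format, the name is only ever data.
 * Returns 1 if the whole label fit, 0 on truncation or error. */
int label_safe(char *out, size_t n, const char *bt_name) {
    int len = snprintf(out, n, "Source: %s", bt_name);
    return len >= 0 && (size_t)len < n;
}

/* Triage helper: count '%' characters that are not part of a literal "%%",
 * e.g. to flag device names in logs or in regression tests. */
int count_specifiers(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        count++;
    }
    return count;
}

int main(void) {
    const char *name = "%x%x%x%x%x";          /* name from the reproduce steps */
    char bad[64], good[64];
    label_vulnerable(bad, sizeof bad, name);  /* undefined behaviour: stray words */
    label_safe(good, sizeof good, name);
    printf("vulnerable: %s\nsafe:       %s\nspecifiers: %d\n",
           bad, good, count_specifiers(name));
    return 0;
}
```

With the hardened call the music source label shows the name verbatim, whatever specifiers it contains.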


Vendor response:

Audi was contacted on Oct 14th, but they replied that this issue does not concern them. Indeed, the bug alone doesn't seem to do anything useful yet, but since CVE-2017-9212 (BMW 330i 2011) and CVE-2020-16142 (Mercedes-Benz AMG) have the same issue, maybe we can start testing those German vehicles. You never know ;)

