CVE-2018-18203

low-risk
Published 2018-11-28

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images (as long as the attacker obtains access to certain Harman decryption/encryption code) as a consequence of a bug where unsigned images pass a validity check. An attacker could potentially install persistent malicious head unit firmware and execute arbitrary code as the root user.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10 Medium
PHYSICAL / HIGH complexity

Affected Products (3)

Starlink 2017 Firmware
Starlink 2018 Firmware
Starlink 2019 Firmware

Affected Vendors

Subaru

References (2)

Exploit https://github.com/sgayou/subaru_starlink_research
Exploit https://github.com/sgayou/subaru_starlink_research
26
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 9/34 · Low