MEDIUM🇬🇧 English

CVE-2024-6029

CVSS 5.0v3.0pub. 2025-04-30upd. 2025-08-12

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197.

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Tesla Model S

    HW
    Tesla
    wszystkie wersje
  • Tesla Model S Firmware

    OS
    Tesla
    < 2024.2.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Race ConditionFirewall
CWE
Referencje

Powiązane podatności

CVE-2024-13943HIGH7.8ten sam produkt

Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This ...

CVE-2024-6030HIGH7.0ten sam produkt

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attac...

CVE-2024-6031HIGH7.8ten sam produkt

Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability all...

CVE-2024-6032HIGH7.8ten sam produkt

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows lo...

CVE-2022-27948HIGH7.2ten sam produkt

Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal co...