CVE-2018-18071

Published: Oct 9, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.

Affected (1)

Products: Mercedes Benz: Mercedes Me

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mercedes Benz Mercedes Me	Version 2.11.0

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://vuldb.com/?id.125081

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.scip.ch/en/?labs.20180405

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

https://vuldb.com/?id.125081

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.scip.ch/en/?labs.20180405

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.