NVD

Id
18587  
Name
CVE-2016-2354  
Description
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.  
Reject
 
CVSS Version
2  
CVSS Score
8  
Severity
High  
CVSS Base Score
8  
CVSS Impact Subscore
9.5  
CVSS Exploit Subscore
6.5  
CVSS Vector
(AV:A/AC:L/Au:N/C:P/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-04-21  
Modified Date
2016-05-31  
Seq
2016-2354  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
103046 18587 CVE-2016-2354 VU#615456  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1182 JVNDB-2016-001955 BlueDriver LSB2 に認証なしで Bluetooth アクセスが可能な問題 Lemur Vehicle Monitors の BlueDriver LSB2 は、OBD2 ポートに接続して車両の性能に関する情報を提供するデバイスです。BlueDriver LSB2 は Bluetooth によるアクセスに PIN を必要としないため、Bluetooth の無線範囲内にいる誰もが車両の CAN (Controller Area Network) バスに任意のコマンドを送信することが可能です。 CVE-2016-2354 88860 CVE-2016-2354 18587 8 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-001955.html 2016-04-07 2016-05-31 View