CVE-2023-33281

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33281
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html Exploit Third Party Advisory
https://twitter.com/Kevin2600/status/1658059570806415365 Exploit Third Party Advisory
https://www.youtube.com/watch?v=GG1utSdYG1k Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:nissan:sylphy_classic_2021:-:*:*:*:*:*:*:*
History

07 Nov 2023, 04:14

Type Values Removed Values Added
Summary ** DISPUTED ** The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers. The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

21 Jun 2023, 15:15

Type Values Removed Values Added
Summary The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. ** DISPUTED ** The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.

26 May 2023, 13:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-294
CPE cpe:2.3:h:nissan:sylphy_classic_2021:-:*:*:*:*:*:*:*
cpe:2.3:o:nissan:sylphy_classic_2021_firmware:-:*:*:*:*:*:*:*
First Time Nissan sylphy Classic 2021
Nissan sylphy Classic 2021 Firmware
Nissan
References (MISC) https://twitter.com/Kevin2600/status/1658059570806415365 - (MISC) https://twitter.com/Kevin2600/status/1658059570806415365 - Exploit, Third Party Advisory
References (MISC) https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html - (MISC) https://chaos-lab.blogspot.com/2023/05/nissan-sylphy-classic-2021-fixed-code.html - Exploit, Third Party Advisory
References (MISC) https://www.youtube.com/watch?v=GG1utSdYG1k - (MISC) https://www.youtube.com/watch?v=GG1utSdYG1k - Exploit, Third Party Advisory

22 May 2023, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-22 02:15

Updated : 2024-04-11 01:20

NVD link : CVE-2023-33281

Mitre link : CVE-2023-33281

CVE.ORG link : CVE-2023-33281

JSON object : View

Products Affected

nissan

  • sylphy_classic_2021_firmware
  • sylphy_classic_2021
CWE
CWE-294

Authentication Bypass by Capture-replay