CVE-2019-14951
Last modified
CVE-2019-14951 is a vulnerability of currently unknown severity. The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.. EPSS estimates a 1.73% chance of exploitation in the next 30 days.
Description
The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Telenav | Scout Gps Link | >= 1.0.4, <= 1.0.109 |
References
- https://sites.google.com/site/iosappnss/more-vulnerable-apps-and-librariesExploit, Third Party Advisory
- https://sites.google.com/site/iosappnss/more-vulnerable-apps-and-librariesExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-14951?
How severe is CVE-2019-14951?
How do I fix CVE-2019-14951?
Are you affected by CVE-2019-14951?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST