CVE-2020-5551
CVE-2020-5551 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Toyota | Display Control Unit | All versions |
References
- https://global.toyota/en/newsroom/corporate/32120629.html (Exploit, Vendor Advisory)
- https://jvn.jp/en/vu/JVNVU99396686/index.html (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
