Code execution in TOYOTA MOTOR Global TechStream (GTS)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-5610 |
| CWE-ID | CWE-121 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Global TechStream (GTS) Other software / Other software solutions |
| Vendor | TOYOTA MOTOR CORPORATION |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Stack-based buffer overflow
EUVDB-ID: #VU32898
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-5610
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. An attacker with physical access can trigger stack-based buffer overflow and execute arbitrary code on the target system or cause a denial of service (DoS) condition.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGlobal TechStream (GTS): 15.10.032
CPE2.3- cpe:2.3:a:toyota_motor_corporation:global_techstream_gts:*:*:*:*:*:*:*:*
- cpe:2.3:a:toyota_motor_corporation:global_techstream_gts:15.10.032:*:*:*:*:*:*:*
http://jvn.jp/en/jp/JVN40400577/index.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
