module

KOFFEE - Kia OFFensivE Exploit

Disclosed
Dec 2, 2020
Created
Apr 23, 2021

Description

This module exploits CVE-2020-8539, an arbitrary code execution vulnerability that allows an attacker to
execute the micomd binary file on the head unit of Kia Motors. The module has been tested on head unit
software versions SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209. Run on an active session, it
lets an attacker send crafted micomd commands to control the head unit and send CAN bus frames into the
Multimedia CAN (M-Can) of the vehicle.

Authors

Gianpiero Costantino
Ilaria Matteucci

Platform

Android

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


msf > use post/android/local/koffee
msf post(koffee) > show actions
...actions...
msf post(koffee) > set ACTION <action-name>
msf post(koffee) > show options
...show and set options...
msf post(koffee) > run
