module
KOFFEE - Kia OFFensivE Exploit
| Disclosed |
|---|
| Dec 2, 2020 |
Disclosed
Dec 2, 2020
Description
This module exploits CVE-2020-8539, which is an arbitrary code execution vulnerability that allows an to
attacker execute the micomd binary file on the head unit of Kia Motors. This module has been tested on
SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209 head unit software versions. This module, run on an
active session, allows an attacker to send crafted micomd commands that allow the attacker to control the head
unit and send CAN bus frames into the Multimedia CAN (M-Can) of the vehicle.
attacker execute the micomd binary file on the head unit of Kia Motors. This module has been tested on
SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209 head unit software versions. This module, run on an
active session, allows an attacker to send crafted micomd commands that allow the attacker to control the head
unit and send CAN bus frames into the Multimedia CAN (M-Can) of the vehicle.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.