CVE-2023-34402
Published: 13 February 2025
Summary
CVE-2023-34402 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Mercedes-Benz Headunit Ntg6 Mercedes-Benz User Experience. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Replication Through Removable Media (T1091). The CVE ranks at the 34.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2023-34402 is a vulnerability in the Mercedes-Benz head-unit NTG6, which includes functions for importing or exporting profile settings over USB. During processing, an encapsulated file inside the imported file is dropped by the service. Due to missing checks, this enables arbitrary file write with the privileges of the speech service. The issue is associated with CWE-787 and carries a CVSS score of 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).
An attacker with local access can exploit the vulnerability by crafting a malicious USB file for profile import, requiring no privileges or user interaction. Exploitation results in arbitrary file write capabilities under the speech service's rights, potentially compromising file integrity and availability.
The primary advisory reference is available at https://securelist.com/mercedes-benz-head-unit-security-research/115218/, which details the Mercedes-Benz head-unit security research.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-38480
Vulnerability details
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file is encapsulated another file, which the service will drop during processing. Due to missing checks, an attacker can achieve Arbitrary File Write with speech service rights.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables arbitrary file write via crafted malicious profile import over USB removable media with no user interaction required.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Requires validation of imported USB profile files and their encapsulated content to detect and reject malformed inputs, directly addressing the missing checks that enable arbitrary file writes.
- AC-3 (Access Enforcement): Enforces access control policies that restrict the speech service from writing to arbitrary file locations, preventing exploitation even if invalid files are processed.
- Least privilege for the speech service: Limits the service to the minimum privileges necessary for its functions, reducing the impact of an arbitrary file write by restricting the locations and resources it can reach.
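The input-validation control above comes down to one check the advisory describes as missing: the name declared for the encapsulated file must never be trusted to pick the destination path. The following Python example is added here to illustrate that check; it is not code from the advisory, from the Securelist research, or from the NTG6 software, and the container layout it uses (a list of declared-name/payload pairs) is a constructed stand-in, since the page does not describe the real format. It contrasts where an unchecked path join would land each entry with a hardened import that resolves every name (symlinks included) and refuses anything outside the import directory.

```python
import os
import tempfile
from pathlib import Path

# Constructed stand-in for an imported profile container. The page does not
# describe the NTG6 container layout, so the encapsulated file is modelled as
# (declared_name, payload) pairs; the names are test inputs, not real entries.
SAMPLE_CONTAINER = [
    ("voice/profile.cfg", b"lang=en\n"),       # benign relative entry
    ("../../etc/service.conf", b"overwrite"),  # parent-directory traversal
    ("/tmp/anything", b"x"),                   # absolute path
    ("voice/../../escape.txt", b"y"),          # traversal hidden mid-path
    ("", b"z"),                                # empty name
]


class UnsafeEntryName(ValueError):
    """Raised when a declared entry name would land outside the import directory."""


def resolve_inside(base_dir, declared_name):
    """Return the absolute destination for declared_name, or raise UnsafeEntryName.

    This is the check the advisory describes as missing: the declared name is
    resolved (following symlinks) and must stay under base_dir.
    """
    base = Path(base_dir).resolve()
    if not declared_name or "\x00" in declared_name:
        raise UnsafeEntryName("empty or NUL-containing name")
    if declared_name.startswith(("/", "\\")) or Path(declared_name).is_absolute():
        raise UnsafeEntryName("absolute path: %r" % declared_name)
    if ".." in Path(declared_name).parts:
        raise UnsafeEntryName("parent-directory component: %r" % declared_name)
    candidate = (base / declared_name).resolve()
    try:
        candidate.relative_to(base)  # ValueError if candidate is not under base
    except ValueError:
        raise UnsafeEntryName("escapes import directory: %r" % declared_name)
    return candidate


def is_confined(base_dir, declared_name):
    """Boolean form of resolve_inside for callers that only need accept/reject."""
    try:
        resolve_inside(base_dir, declared_name)
        return True
    except UnsafeEntryName:
        return False


def planned_paths_unchecked(base_dir, container):
    """Where an unchecked os.path.join would write each entry (computed only, never written).

    This mirrors the flaw: a name such as '../../x' or '/tmp/x' silently selects
    a location outside base_dir.
    """
    return [os.path.normpath(os.path.join(base_dir, name)) for name, _ in container]


def import_profile(base_dir, container):
    """Hardened drop: write only the entries that resolve_inside accepts.

    Returns {'written': [names], 'rejected': [names]}.
    """
    written, rejected = [], []
    for name, payload in container:
        try:
            dest = resolve_inside(base_dir, name)
        except UnsafeEntryName:
            rejected.append(name)
            continue
        dest.parent.mkdir(parents=True, exist_ok=True)
        # exclusive create: also refuse to overwrite a file that already exists
        with open(dest, "xb") as fh:
            fh.write(payload)
        written.append(name)
    return {"written": written, "rejected": rejected}


def demo():
    """Run the hardened import into a fresh temp dir and return the observable results."""
    base = tempfile.mkdtemp(prefix="profile-import-")
    result = import_profile(base, SAMPLE_CONTAINER)
    result["content"] = (Path(base) / "voice/profile.cfg").read_bytes()
    result["unchecked_plan"] = planned_paths_unchecked(base, SAMPLE_CONTAINER)
    result["base"] = base
    return result


if __name__ == "__main__":
    r = demo()
    print("written :", r["written"])
    print("rejected:", r["rejected"])
    for p in r["unchecked_plan"]:
        print("unchecked join would target:", p)
```

Confining the destination path is the SI-10 half of the fix; it does not replace the AC-3 and least-privilege controls, which limit what a write can reach if validation is ever bypassed. Running the module prints which constructed entries were accepted and the absolute paths an unchecked join would have chosen.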