Cyber Resilience

CVE-2023-34402

Severity: High
Published: 13 February 2025
Modified: 27 June 2025
KEV Added: not listed
CVSS v3.1 score: 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS score: 0.0014 (34.5th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-34402 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Mercedes-Benz Headunit Ntg6 Mercedes-Benz User Experience. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Replication Through Removable Media (T1091). The CVE is ranked at the 34.5th percentile by exploit likelihood (EPSS, below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-34402 is a vulnerability in the Mercedes-Benz head-unit NTG6, which includes functions for importing or exporting profile settings over USB. During processing, an encapsulated file inside the imported file is dropped by the service. Due to missing checks, this enables arbitrary file write with the privileges of the speech service. The issue is associated with CWE-787 and carries a CVSS score of 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

An attacker with local access can exploit the vulnerability by crafting a malicious USB file for profile import, requiring no privileges or user interaction. Exploitation results in arbitrary file write capabilities under the speech service's rights, potentially compromising file integrity and availability.

The primary advisory reference is available at https://securelist.com/mercedes-benz-head-unit-security-research/115218/, which details the Mercedes-Benz head-unit security research.

Vulnerability details

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside the file another file is encapsulated, which the service will drop during processing. Due to missing checks, an attacker can achieve Arbitrary File Write with speech service rights.

CWE(s): CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1091 Replication Through Removable Media (tactic: Lateral Movement)
Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes.
Why these techniques?

Vulnerability enables arbitrary file write via crafted malicious profile import over USB removable media with no user interaction required.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2023-34397: same product (Mercedes-Benz Headunit Ntg6 Mercedes-Benz User Experience)
CVE-2023-34398: same product (Mercedes-Benz Headunit Ntg6 Mercedes-Benz User Experience)
CVE-2023-34399: same product (Mercedes-Benz Headunit Ntg6 Mercedes-Benz User Experience)
CVE-2023-34400: same product (Mercedes-Benz Headunit Ntg6 Mercedes-Benz User Experience)
CVE-2025-25742: shared CWE-787
CVE-2025-21042: shared CWE-787
CVE-2025-27175: shared CWE-787
CVE-2019-25679: shared CWE-787
CVE-2026-0122: shared CWE-787
CVE-2024-54509: shared CWE-787

Affected Assets

Vendor: mercedes-benz
Product: headunit ntg6 mercedes-benz user experience
Versions: ≤ 2021

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-mapped)

SI-10 (Information Input Validation), control type: prevent

Requires validation of imported USB profile files and their encapsulated content so that malformed inputs are detected and rejected, directly addressing the missing checks that enable arbitrary file writes.

AC-3 (Access Enforcement), control type: prevent

Enforces access control policies that restrict the speech service from writing to arbitrary file locations, preventing exploitation even if an invalid file is processed.

Least privilege (AC-6), control type: prevent

Limits the speech service to the minimum privileges its functions need, reducing the impact of an arbitrary file write by restricting the locations and resources it can reach.
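The check that SI-10 asks for when an importer drops an encapsulated file, as an added illustration in Python (this is not Mercedes-Benz code, and the container layout and profile directory are constructed stand-ins because the page does not describe the real NTG6 profile format): every declared destination is resolved and confined to the profile directory before anything is written.

```python
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sample container (hypothetical stand-in; the page does not describe the
# real NTG6 profile format): (declared destination, payload) entries found inside the
# imported profile file.
SAMPLE_ENTRIES = [
    ("voice/greeting.wav", b"RIFF....legit"),          # legitimate relative entry
    ("../../etc/speech/service.conf", b"tampered"),    # traversal out of the profile dir
    ("/var/lib/speech/keys.bin", b"tampered"),         # absolute destination
    ("voice/../../../tmp/dropped", b"tampered"),       # traversal hidden mid-path
    ("", b"tampered"),                                 # empty name
]

def safe_target(base_dir: Path, declared: str) -> Optional[Path]:
    """SI-10 style check: return the confined destination, or None to reject the entry."""
    if not declared or "\x00" in declared or declared.startswith(("/", "\\")):
        return None                         # empty, NUL-bearing or absolute names
    base = base_dir.resolve()
    target = (base / declared).resolve()    # normalises '..' and follows symlinks
    try:
        target.relative_to(base)            # ValueError means it escaped base_dir
    except ValueError:
        return None
    return target

def is_accepted(declared: str, base_dir: str = "/var/lib/speech/profiles") -> bool:
    """Predicate for one declared entry name (base_dir is a hypothetical location)."""
    return safe_target(Path(base_dir), declared) is not None

def import_profile(base_dir: str, entries) -> dict:
    """Drop only validated entries under base_dir; report accepted and rejected names."""
    base = Path(base_dir)
    base.mkdir(parents=True, exist_ok=True)
    accepted, rejected = [], []
    for declared, payload in entries:
        target = safe_target(base, declared)
        if target is None:
            rejected.append(declared)
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        with open(target, "xb") as fh:      # 'x' refuses to overwrite an existing file
            fh.write(payload)
        accepted.append(declared)
    return {"accepted": accepted, "rejected": rejected}

def run_demo() -> dict:
    """Import the sample container into a fresh temporary profile directory."""
    return import_profile(tempfile.mkdtemp(prefix="ntg6_profile_"), SAMPLE_ENTRIES)
```

Pairing this validation with AC-3/AC-6 (a write-restricted account and a dedicated profile directory) means a rejected entry never reaches the filesystem, and an accepted one can only land where the service is allowed to write anyway.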