{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6030", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "state": "PUBLISHED", "assignerShortName": "zdi", "dateReserved": "2024-06-14T23:39:56.153Z", "datePublished": "2025-04-30T20:00:36.899Z", "dateUpdated": "2025-04-30T20:16:23.726Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-04-30T20:00:36.899Z"}, "title": "Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability", "descriptions": [{"lang": "en", "value": "Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability.\n \nThe specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200."}], "affected": [{"vendor": "Tesla", "product": "Model S", "versions": [{"version": "2023.44.29", "status": "affected"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "type": "CWE"}]}], "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-263/", "name": "ZDI-25-263", "tags": ["x_research-advisory"]}], "dateAssigned": "2024-06-14T23:39:56.180Z", "datePublic": "2025-04-30T19:58:15.466Z", "source": {"lang": "en", "value": "Synacktiv (@Synacktiv)"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7, "baseSeverity": "HIGH"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T20:16:00.543848Z", "id": "CVE-2024-6030", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T20:16:23.726Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6030", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-30T20:16:00.543848Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T20:16:12.964Z"}}], "cna": {"title": "Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability", "source": {"lang": "en", "value": "Synacktiv (@Synacktiv)"}, "metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Tesla", "product": "Model S", "versions": [{"status": "affected", "version": "2023.44.29"}], "defaultStatus": "unknown"}], "datePublic": "2025-04-30T19:58:15.466Z", "references": [{"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-263/", "name": "ZDI-25-263", "tags": ["x_research-advisory"]}], "dateAssigned": "2024-06-14T23:39:56.180Z", "descriptions": [{"lang": "en", "value": "Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability.\n \nThe specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi", "dateUpdated": "2025-04-30T20:00:36.899Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6030", "state": "PUBLISHED", "dateUpdated": "2025-04-30T20:16:23.726Z", "dateReserved": "2024-06-14T23:39:56.153Z", "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "datePublished": "2025-04-30T20:00:36.899Z", "assignerShortName": "zdi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tesla:model_s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1F9CBB6-013F-43C4-B01D-D8CBE1623F4E", "versionEndExcluding": "2024.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tesla:model_s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D28E699-B843-4641-9BA6-406D88231E7C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability.\n \nThe specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200."}, {"lang": "es", "value": "Vulnerabilidad de escape del entorno de pruebas de oFono con privilegios innecesarios en el Tesla Model S. Esta vulnerabilidad permite a atacantes locales escapar del entorno de pruebas en los veh\u00edculos Tesla Model S afectados. Para explotar esta vulnerabilidad, un atacante debe primero ejecutar c\u00f3digo dentro del entorno de pruebas en el sistema objetivo. La falla espec\u00edfica se encuentra en el proceso oFono, que permite a un atacante modificar interfaces. Un atacante puede aprovechar esta vulnerabilidad para eludir el entorno de pruebas de red de iptables. Anteriormente, se denominaba ZDI-CAN-23200."}], "id": "CVE-2024-6030", "lastModified": "2025-08-12T15:16:26.713", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}]}, "published": "2025-04-30T20:15:21.030", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-263/"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "zdi-disclosures@trendmicro.com", "type": "Primary"}]}

{}