Key Takeaway
CVE-2015-5611 is a CVSS 10.0 remote code execution vulnerability in Fiat Chrysler's Uconnect telematics system affecting 1.4 million vehicles across Jeep, Dodge, Ram, and Chrysler brands. Researchers Charlie Miller and Chris Valasek demonstrated unauthenticated remote exploitation over the Sprint cellular network, gaining full control of steering, braking, and transmission via CAN bus message injection. FCA issued a mandatory recall under NHTSA 15V-461 and the case directly shaped subsequent automotive cybersecurity regulation including UNECE WP.29 R155 and ISO/SAE 21434.
CVE-2015-5611 | Fiat Chrysler Automobiles (FCA) Uconnect — Jeep Cherokee
Vulnerability Overview
CVE-2015-5611 affects the Uconnect telematics and infotainment system fitted to 2013–2015 Fiat Chrysler Automobiles (FCA) vehicles, most notably the Jeep Cherokee. The flaw is a remote code execution (RCE) vulnerability rooted in the cellular-connected Uconnect head unit, which ran a D-Bus service exposed over the Sprint cellular network on TCP port 6667.
The attack vector is network-based and requires no authentication, physical access, or user interaction. Researchers Charlie Miller and Chris Valasek demonstrated full remote exploitation from an off-site laptop, with no prior access to the target vehicle. The vulnerability received a CVSS v2 base score of 10.0, the maximum possible rating, reflecting the combination of remote accessibility, zero authentication requirements, and complete system compromise potential.
Technical Details
The Uconnect unit in affected vehicles exposed a D-Bus interface reachable over the Sprint cellular backbone. An attacker who identified a target vehicle's IP address — obtainable by scanning the Sprint cellular network range — could send crafted messages to the exposed service without credentials.
Successful exploitation allowed an attacker to:
- Modify firmware on the Uconnect head unit via the V850 microcontroller, the chip that interfaces directly with physical vehicle systems.
- Send arbitrary CAN bus messages, overriding the vehicle's Controller Area Network to manipulate steering, braking, transmission, and engine controls.
- Access the vehicle's GPS coordinates, audio systems, and dashboard displays.
Miller and Valasek demonstrated disabling the transmission, cutting the brakes at low speed, and taking control of the steering wheel while a journalist drove the vehicle at highway speed on a St. Louis interstate. The attack required no physical proximity. The only requirement was a cellular signal and the target vehicle's IP address.
Affected vehicles included approximately 1.4 million FCA units across Jeep, Dodge, Ram, and Chrysler brands equipped with Uconnect systems using cellular connectivity.
Real-World Impact
FCA issued a voluntary recall — NHTSA Recall 15V-461 — covering 1.4 million vehicles in July 2015, making it one of the first automotive recalls driven explicitly by a cybersecurity vulnerability rather than a mechanical defect.
The National Highway Traffic Safety Administration (NHTSA) opened a formal investigation. FCA also worked with Sprint to block lateral communication between cellular-connected vehicles on the network, reducing the attack surface at the carrier level while the patch was distributed.
The exploit demonstrated a direct path from a remote network attacker to safety-critical physical vehicle controls — a chain that the automotive industry had broadly assumed was either non-existent or impractical. That assumption was wrong.
No confirmed malicious exploitation of this specific CVE against production vehicles was publicly documented. However, the public release of Miller and Valasek's research, combined with the scale of the affected fleet, created a credible mass-exploitation scenario that regulators treated as a critical public safety issue.
Affected Products
| Make | Models | Model Years |
|------|--------|-------------|
| Jeep | Cherokee, Grand Cherokee | 2014–2015 |
| Dodge | Viper, Durango, Charger, Challenger | 2013–2015 |
| Ram | 1500, 2500, 3500 Pickups | 2013–2015 |
| Chrysler | 200, 300 | 2015 |
All affected vehicles carried Uconnect systems with cellular connectivity enabled.
Persistent Relevance
More than a decade after this disclosure, automotive attack surfaces have expanded rather than contracted. Modern vehicles carry LTE and 5G modems, Bluetooth stacks, Wi-Fi access points, OTA update mechanisms, V2X (vehicle-to-everything) communication modules, and cloud-connected telematics units. Each component represents a potential entry point to the CAN bus or, in newer architectures, Ethernet-based vehicle networks.
Regulatory responses have followed. UNECE WP.29 Regulation No. 155 now mandates Cyber Security Management Systems (CSMS) for vehicle type approvals in markets including the EU, Japan, and South Korea. NHTSA has published multiple cybersecurity best practice frameworks for the automotive sector. ISO/SAE 21434 establishes engineering requirements for road vehicle cybersecurity throughout the product lifecycle.
Despite this regulatory progress, the core problem CVE-2015-5611 exposed — internet-reachable services with direct or indirect access to vehicle control systems — remains an active area of vulnerability research. Researchers have subsequently documented similar issues in systems from Tesla, BMW, Mercedes-Benz, Kia, Hyundai, and others.
Patching and Mitigation Guidance
For vehicle owners with affected FCA models:
- Apply the USB firmware update released under NHTSA Recall 15V-461 if not already installed. Dealers can confirm whether a specific VIN received the patch.
- Verify Uconnect firmware version via the system's settings menu. FCA published patched version numbers as part of the recall documentation.
- Contact an FCA-authorized dealer for out-of-warranty vehicles that have not received the update.
For fleet operators managing FCA vehicles from this period:
- Audit fleet VINs against the recall database at nhtsa.gov/recalls.
- Treat any unpatched unit as a compromised endpoint. Restrict physical and network access until the firmware update is confirmed.
- Document remediation in your asset management system and include automotive ECU firmware versions in ongoing vulnerability management tracking.
For automotive security teams and OEMs using this case as a reference:
- Enforce network segmentation between telematics units and safety-critical CAN bus controllers at the hardware level.
- Require authentication and mutual TLS for all cellular and network-facing services on vehicle head units.
- Implement intrusion detection at the CAN bus layer to flag anomalous message injection patterns.
- Conduct regular penetration testing of telematics attack surfaces as part of CSMS compliance under UNECE R155.
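One way to implement the CAN-layer intrusion detection recommended above, as an added example (not code from the article, FCA, or the researchers): it learns each arbitration ID's normal broadcast period from clean traffic, then flags frames that arrive too early or use an ID absent from the baseline. The log lines follow candump's log format; the IDs, periods and payloads are constructed sample data.

```python
from collections import defaultdict
from statistics import median

def parse(line):
    """Parse a candump-log-style line: '(1.000000) can0 0F1#00'."""
    ts, _iface, frame = line.split()
    can_id, _, data = frame.partition("#")
    return float(ts.strip("()")), int(can_id, 16), bytes.fromhex(data)

def learn_periods(lines):
    """Median inter-arrival time per arbitration ID, from known-clean traffic."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in map(parse, lines):
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items()}

def detect(lines, periods, ratio=0.5):
    """Flag IDs never seen in the baseline and frames arriving too early."""
    last, alerts = {}, []
    for ts, can_id, _ in map(parse, lines):
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "too-fast"))
        last[can_id] = ts
    return alerts

def synth(can_id, period, n, start=0.0, data="00"):
    """Build constructed periodic traffic for one ID (sample data only)."""
    return [f"({start + i * period:.6f}) can0 {can_id:03X}#{data}" for i in range(n)]

# Constructed sample data: IDs, periods and payloads are illustrative only.
CLEAN = sorted(synth(0x0F1, 0.010, 50) + synth(0x2A0, 0.100, 5), key=parse)
LIVE = sorted(
    synth(0x0F1, 0.010, 20, start=1.0)                 # legitimate sender
    + synth(0x2A0, 0.100, 2, start=1.0)
    + synth(0x0F1, 0.010, 5, start=1.052, data="FF")   # extra frames, same ID
    + ["(1.100500) can0 5A5#0201"],                    # ID absent from baseline
    key=parse)

def demo():
    return detect(LIVE, learn_periods(CLEAN))

if __name__ == "__main__":
    for ts, can_id, reason in demo():
        print(f"{ts:.6f} id=0x{can_id:03X} {reason}")
```

Timing checks like this catch injected frames that coexist with the legitimate sender on the bus; they complement, and do not replace, the hardware-level segmentation in the first bullet.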
Original Source
Dark Reading