CVE-2017-17436

{"id": "CVE-2017-17436", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-12-07T00:29:00.287", "references": [{"url": "https://vaulteksafe.com/index.php/cve-2017-17435/", "tags": ["Mitigation", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en el software en productos Vaultek Gun Safe VT20i. No se cifra la sesi\u00f3n entre la aplicaci\u00f3n de Android y la caja fuerte. Los materiales de marketing as\u00ed como el sitio web anuncian que este canal est\u00e1 cifrado con \"un cifrado Bluetooth del m\u00e1s alto nivel\" y que \"las transmisiones de datos se realizan de forma segura mediante el cifrado de bits AES256\". Sin embargo, estas afirmaciones no son ciertas. Adem\u00e1s, los cifrados de bits AES256 no son compatibles con el est\u00e1ndar Bluetooth de baja energ\u00eda (Bluetooth LE), por lo que tendr\u00eda que serlo a nivel de aplicaci\u00f3n. Esta falta de cifrado permite que un usuario aprenda el c\u00f3digo de acceso espiando las comunicaciones entre la aplicaci\u00f3n y la caja fuerte."}], "lastModified": "2017-12-22T15:59:37.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vaulteksafe:vt20i_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EDBDB6F-0A1D-41A1-880F-5792AF4D192F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:vaulteksafe:vt20i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86037AA2-62CF-41E7-815D-FDA28558F0E0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}