CVE-2017-8866

{"id": "CVE-2017-8866", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-12-11T21:29:00.827", "references": [{"url": "https://dl.acm.org/citation.cfm?id=3139947", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://dl.acm.org/citation.cfm?id=3139947", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server."}, {"lang": "es", "value": "Los juguetes inteligentes CogniToys Dino de Elemental Path hasta la versi\u00f3n de firmware 0.0.794 comparten un peque\u00f1o grupo fijo de claves embebidas. Esto permite que un atacante remoto emplee un dispositivo Dino diferente para descodificar el tr\u00e1fico VoIP entre el Dino de un ni\u00f1o y el servidor remoto."}], "lastModified": "2024-11-21T03:34:52.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cognitoys:stemosaur_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88EDB973-E374-4A07-985D-EA8138D2ECBD", "versionEndIncluding": "0.0.794"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cognitoys:stemosaur:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F8C9518-FB3F-4DD6-841F-D653B70470D2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}