CVE-2019-17627

{"id": "CVE-2019-17627", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-10-16T12:15:12.103", "references": [{"url": "https://github.com/PwnMonkeyLab/YaleDoorlockVulnerability/blob/master/HowToDo.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This affects the Yale ZEN-R lock and unspecified other locks."}, {"lang": "es", "value": "La aplicaci\u00f3n Yale Bluetooth Key para dispositivos m\u00f3viles, permite acciones de desbloqueo no autorizadas al detectar el tr\u00e1fico Bluetooth Low Energy (BLE) durante una acci\u00f3n de desbloqueo autorizada, y luego calcular la clave de autenticaci\u00f3n mediante c\u00e1lculos simples en los d\u00edgitos hexadecimales de una petici\u00f3n de autenticaci\u00f3n v\u00e1lida. Esto afecta el bloqueo Yale ZEN-R y otros bloqueos no especificados."}], "lastModified": "2019-10-18T17:00:37.100", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yalehome:yale_bluetooth_key:-:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "ACCC2199-CDA8-4D24-B09F-6BD0CF014200"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}