CVE-2019-9860

{"id": "CVE-2019-9860", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-27T15:29:01.127", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}, {"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore."}, {"lang": "es", "value": "Debido a la comunicaci\u00f3n de se\u00f1ales no cifrada y a la predecibilidad de los c\u00f3digos evolutivos, un atacante puede \"desincronizar\" un control remoto inal\u00e1mbrico de ABUS Secvest (FUBE50014 o FUBE50015), relacionado con su sistema de alarma inal\u00e1mbrica Secvest controlada FUAA50000 3.01.01, por lo que los comandos enviados por el control remoto ya no se aceptan."}], "lastModified": "2024-11-21T04:52:27.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C5A31E7-5281-4EDC-9CC5-A887857BB6B7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD534B70-3FA6-4712-A30E-A9BEEB9A91CB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36446080-FC7A-40C4-B3FA-E431B7208B54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE991250-A833-4D6D-9CAE-8802C81917E5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9837869E-A954-4E05-B8FA-FF4D41B45E0E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF0E3110-7E9E-4FE2-9611-78B4D9819927"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}