CVE-2022-32507

{"id": "CVE-2022-32507", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-14T10:43:41.833", "references": [{"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "source": "cve@mitre.org"}, {"url": "https://nuki.io/en/security-updates/", "source": "cve@mitre.org"}, {"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "source": "cve@mitre.org"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "source": "cve@mitre.org"}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nuki.io/en/security-updates/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4."}, {"lang": "es", "value": "Se ha descubierto un problema en determinados dispositivos de Nuki Home Solutions. Algunos comandos BLE, que deber\u00edan haber sido manipulados para ejecutarse \u00fanicamente desde cuentas privilegiadas, tambi\u00e9n podr\u00edan ejecutarse desde cuentas sin privilegios. Esto demuestra que no se implementaron controles de acceso para los diferentes comandos BLE en las diferentes cuentas. Esto afecta a Nuki Smart Lock 3.0 anterior a 3.3.5 y a Nuki Smart Lock 2.0 anterior a 2.12.4."}], "lastModified": "2024-11-21T07:06:30.720", "sourceIdentifier": "cve@mitre.org"}