CVE-2022-37193

{"id": "CVE-2022-37193", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2022-09-27T23:15:14.417", "references": [{"url": "https://chipolo.net/en-us/products/chipolo-one-4-pack", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials."}, {"lang": "es", "value": "Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app versi\u00f3n 4.13.0, es vulnerable a un Control de Acceso Incorrecto. Los dispositivos Chipolo sufren ataques de evasi\u00f3n de revocaci\u00f3n de acceso una vez que el sharee malicioso obtiene las credenciales de acceso"}], "lastModified": "2022-10-03T18:26:04.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chipolo:chipolo:4.13.0:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "008C5D4C-7770-4877-AD8E-DD7A7086C790"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:chipolo:chipolo_one:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE7CC982-417C-400C-B029-AAB5E38497BC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}