diff --git a/2019/9xxx/CVE-2019-9506.json b/2019/9xxx/CVE-2019-9506.json index 69691e732b2..b3d3da40e5f 100644 --- a/2019/9xxx/CVE-2019-9506.json +++ b/2019/9xxx/CVE-2019-9506.json @@ -1,9 +1,44 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "AKA": "KNOB", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-08-14", "ID": "CVE-2019-9506", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key entropy" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BR/EDR ", + "version": { + "version_data": [ + { + "platform": "N/A", + "version_affected": "<=", + "version_name": "5.1", + "version_value": "5.1" + } + ] + } + } + ] + }, + "vendor_name": "Bluetooth" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Daniele Antonioliā€š Nils Ole Tippenhauer, Kasper Rasmussen" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +46,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low entropy in the encryption key negotiation protocol to allow practical brute-force attacks (aka \"KNOB\"). A successful attack can decrypt traffic and inject arbitrary ciphertext without the victim noticing." } ] - } -} \ No newline at end of file + }, + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310 Cryptographic Issues" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#918987", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/918987/" + }, + { + "name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html", + "refsource": "MISC", + "url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html" + }, + { + "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli", + "refsource": "MISC", + "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli" + } + ] + }, + "source": { + "advisory": "VU#918987", + "defect": [ + "VU#918987" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Bluetooth SIG Expedited Errata Correction 11838" + } + ] +}