nvd-json-data-feeds/CVE-2019/CVE-2019-21xx/CVE-2019-2102.json

{
  "id": "CVE-2019-2102",
  "sourceIdentifier": "security@android.com",
  "published": "2019-06-07T20:29:01.433",
  "lastModified": "2019-09-12T04:15:11.787",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052."
    },
    {
      "lang": "es",
      "value": "En la especificaci\u00f3n Bluetooth de baja energ\u00eda (BLE), se proporciona un ejemplo de clave a largo plazo (LTK). Si un dispositivo BLE utilizara esto como un LTK codificado, es te\u00f3ricamente posible que un atacante cercano pueda inyectar de forma remota pulsaciones de teclas (keystroke injection) en un host de Android emparejado debido al uso incorrecto de criptograf\u00eda. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. Producto: Android. Versiones: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Identificaci\u00f3n de Android: A-128843052."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "ADJACENT_NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.3
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 6.5,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://source.android.com/security/bulletin/2019-06-01",
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://support.apple.com/kb/HT210118",
      "source": "security@android.com"
    },
    {
      "url": "https://support.apple.com/kb/HT210119",
      "source": "security@android.com"
    },
    {
      "url": "https://support.apple.com/kb/HT210120",
      "source": "security@android.com"
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2019-2102",`
			`"sourceIdentifier": "security@android.com",`
			`"published": "2019-06-07T20:29:01.433",`
			`"lastModified": "2019-09-12T04:15:11.787",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-128843052."`
			`},`
			`{`
			`"lang": "es",`
			"value": "En la especificaci\u00f3n Bluetooth de baja energ\u00eda (BLE), se proporciona un ejemplo de clave a largo plazo (LTK). Si un dispositivo BLE utilizara esto como un LTK codificado, es te\u00f3ricamente posible que un atacante cercano pueda inyectar de forma remota pulsaciones de teclas (keystroke injection) en un host de Android emparejado debido al uso incorrecto de criptograf\u00eda. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. Producto: Android. Versiones: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Identificaci\u00f3n de Android: A-128843052."
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV30": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.0",`
			`"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",`
			`"accessVector": "ADJACENT_NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "COMPLETE",`
			`"availabilityImpact": "COMPLETE",`
			`"baseScore": 8.3`
			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 6.5,`
			`"impactScore": 10.0,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-264"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:google:android:7.0:::::::*",`
			`"matchCriteriaId": "09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:google:android:7.1.1:::::::*",`
			`"matchCriteriaId": "D835D592-2423-44C6-804A-3AD010112E7C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:google:android:7.1.2:::::::*",`
			`"matchCriteriaId": "568E2561-A068-46A2-B331-BBA91FC96F0C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:google:android:8.0:::::::*",`
			`"matchCriteriaId": "B578E383-0D77-4AC7-9C81-3F0B8C18E033"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:google:android:8.1:::::::*",`
			`"matchCriteriaId": "B06BE74B-83F4-41A3-8AD3-2E6248F7B0B2"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:google:android:9.0:::::::*",`
			`"matchCriteriaId": "8DFAAD08-36DA-4C95-8200-C29FE5B6B854"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://source.android.com/security/bulletin/2019-06-01",`
			`"source": "security@android.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://support.apple.com/kb/HT210118",`
			`"source": "security@android.com"`
			`},`
			`{`
			`"url": "https://support.apple.com/kb/HT210119",`
			`"source": "security@android.com"`
			`},`
			`{`
			`"url": "https://support.apple.com/kb/HT210120",`
			`"source": "security@android.com"`
			`}`
			`]`
			`}`