mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
48 lines
1.9 KiB
JSON
48 lines
1.9 KiB
JSON
{
|
|
"id": "CVE-2023-7009",
|
|
"sourceIdentifier": "cret@cert.org",
|
|
"published": "2024-03-15T17:15:07.810",
|
|
"lastModified": "2024-08-26T15:35:04.417",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be further exploited by an attacker to compromise the lock's integrity."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Algunas cerraduras basadas en Sciener admiten el procesamiento de mensajes de texto plano a trav\u00e9s de Bluetooth Low Energy, lo que permite pasar comandos maliciosos sin cifrar a la cerradura. Estos comandos maliciosos, de menos de 16 bytes de longitud, ser\u00e1n procesados por la cerradura como si fueran comunicaciones cifradas. Un atacante puede aprovechar a\u00fan m\u00e1s esto para comprometer la integridad del bloqueo."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 8.2,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 4.2
|
|
}
|
|
]
|
|
},
|
|
"references": [
|
|
{
|
|
"url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/",
|
|
"source": "cret@cert.org"
|
|
}
|
|
]
|
|
} |