nvd-json-data-feeds/CVE-2017/CVE-2017-115xx/CVE-2017-11578.json

{
  "id": "CVE-2017-11578",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-07-02T21:15:09.870",
  "lastModified": "2019-07-15T13:10:30.407",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is connected to the Blipcare's device wireless network to easily sniff these values using a MITM attack."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 como parte de la investigaci\u00f3n sobre dispositivos IoT en el firmware m\u00e1s reciente para el dispositivo Blipcare, que el dispositivo permite conectarse a la interfaz de administraci\u00f3n web en una conexi\u00f3n no SSL usando el protocolo HTTP de texto plano. El usuario utiliza la interfaz de administraci\u00f3n web del dispositivo para proveer las credenciales Wi-Fi del usuario para que el dispositivo pueda conectarse a \u00e9l y tener acceso a Internet. Este dispositivo act\u00faa como un monitor de presi\u00f3n Sangu\u00ednea Inal\u00e1mbrico y es usado para medir los niveles de presi\u00f3n sangu\u00ednea de una persona. Esto permite a un atacante que est\u00e1 conectado a la red inal\u00e1mbrica del dispositivo Blipcare poder espiar f\u00e1cilmente estos valores mediante un ataque de tipo MITM."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:blipcare:wi-fi_blood_pressure_monitor_firmware:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "bp700_10.1",
              "matchCriteriaId": "AFBC8640-C65D-4A08-90C9-1DEAEE598C91"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:blipcare:wi-fi_blood_pressure_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB414505-7BE8-463E-B036-16B53ADED4AA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://seclists.org/bugtraq/2019/Jun/8",
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ]
    }
  ]
}