admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-91xx/CVE-2018-9119.json
cad-safe-bot 7929c203d7 Auto-Update: 2023-08-31T23:55:24.765619+00:00
2023-08-31 23:55:28 +00:00

139 lines
4.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-9119",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-04-04T18:29:02.433",
"lastModified": "2023-08-31T23:15:21.857",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth because no authentication is needed, as demonstrated by gatttool."
},
{
"lang": "es",
"value": "Un atacante con acceso f\u00edsico a una tarjeta BrilliantTS FUZE (MCU firmware 0.1.73, BLE firmware 0.7.4) puede desbloquear la tarjeta, extraer n\u00fameros de tarjeta de cr\u00e9dito y manipular los datos de la tarjeta mediante Bluetooth, ya que no se necesita autenticaci\u00f3n, tal y como se demuestra con gatttool."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:brilliantts:fuze_card_ble_firmware:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "49008870-8A17-407B-BB7A-9255C1C37F14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:brilliantts:fuze_card_mcu_firmware:0.1.73:*:*:*:*:*:*:*",
"matchCriteriaId": "68174661-F161-4B27-9536-7264A1145F74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:brilliantts:fuze_card:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB55F9B-14CC-4F5D-869B-AEC81F1C220E"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://ice9.us/advisories/ICE9-2018-001.txt",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.elttam.com/blog/fuzereview/#content",
"source": "cve@mitre.org"
},
{
"url": "https://www.reddit.com/r/netsec/comments/89qrp1/stealing_credit_cards_from_fuze_via_bluetooth/",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink