nvd-json-data-feeds/CVE-2016/CVE-2016-65xx/CVE-2016-6542.json

{
  "id": "CVE-2016-6542",
  "sourceIdentifier": "cret@cert.org",
  "published": "2018-07-13T20:29:00.237",
  "lastModified": "2019-10-09T23:19:13.253",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The iTrack device tracking ID number, also called \"LosserID\" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address."
    },
    {
      "lang": "es",
      "value": "El n\u00famero de ID de rastreo del dispositivo iTrack, tambi\u00e9n llamado \"LosserID\" en la API web, puede obtenerse estando en el rango de un dispositivo iTrack. El ID del rastreador es la direcci\u00f3n MAC BLE del dispositivo."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    },
    {
      "source": "cret@cert.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ieasytec:itrackeasy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F701E41D-CE74-4EC6-BEDF-0D76D9A8E949"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/93875",
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
      "source": "cret@cert.org",
      "tags": [
        "Mitigation"
      ]
    },
    {
      "url": "https://www.kb.cert.org/vuls/id/974055",
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ]
    }
  ]
}