mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
115 lines
3.4 KiB
JSON
115 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2022-46480",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-12-05T00:15:07.460",
|
|
"lastModified": "2024-11-21T07:30:37.423",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "La gesti\u00f3n de sesi\u00f3n incorrecta y la reutilizaci\u00f3n de credenciales en la pila Bluetooth LE del firmware de bloqueo inteligente Ultraloq UL3 de segunda generaci\u00f3n 02.27.0012 permiten a un atacante detectar el c\u00f3digo de desbloqueo y desbloquear el dispositivo mientras se encuentra dentro del alcance de Bluetooth."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
|
"baseScore": 8.1,
|
|
"baseSeverity": "HIGH",
|
|
"attackVector": "ADJACENT_NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.2
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-294"
|
|
},
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-384"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA191DAF-E479-4B8D-99BF-2AC6147C4490"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF2D1265-D7A7-4F4D-B0BC-DE788C2163A6"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://arxiv.org/abs/2312.00021",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Technical Description",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://arxiv.org/abs/2312.00021",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Technical Description",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |