CVE-2013-4877

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 1.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/458007	US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-997M5B	US Government Resource
http://www.securityfocus.com/bid/61169
http://www.kb.cert.org/vuls/id/458007	US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-997M5B	US Government Resource
http://www.securityfocus.com/bid/61169

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:::::::*
	cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:::::::*

History

No history.

Information

Published : 2013-07-18 16:51

Updated : 2025-04-11 00:51

NVD link : CVE-2013-4877

Mitre link : CVE-2013-4877

CVE.ORG link : CVE-2013-4877

JSON object : View

Products Affected

verizon

wireless_network_extender

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-4877", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-18T16:51:40.403", "references": [{"url": "http://www.kb.cert.org/vuls/id/458007", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/61169", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/458007", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/61169", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}, {"lang": "es", "value": "El Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 no utiliza autenticaci\u00f3n CAVE, haciendo m\u00e1s f\u00e1cil para atacantes remotos obtener valores ESN y MIN desde tel\u00e9fonos arbitrarios, y llevar a cabo ataques de clonaci\u00f3n mediante la captura de paquetes."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D36CAEBA-1928-4DD0-B5DC-7A05B4C4FED7"}, {"criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF92731-EC8B-41F9-95BE-238B61F19EA9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}