CVE-2017-17860

{"id": "CVE-2017-17860", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2018-01-18T22:29:00.233", "references": [{"url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone"}, {"lang": "es", "value": "En productos Samsung Gear, la clave de enlace Bluetooth se actualiza en la clave diferente, que es igual a la clave de enlace del atacante. Puede atacarse sin la intenci\u00f3n del usuario solo si el atacante puede revelar la direcci\u00f3n Bluetooth del dispositivo objetivo y el smartphone emparejado del usuario."}], "lastModified": "2024-11-21T03:18:50.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75"}, {"criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}