CVE-2019-9483

{"id": "CVE-2019-9483", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2019-03-01T05:29:01.133", "references": [{"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-security-experts", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.theverge.com/2019/2/27/18243296/ring-doorbell-hacked-fake-images-security-experts", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows attackers to obtain audio and video data, or insert spoofed video that does not correspond to the actual person at the door."}, {"lang": "es", "value": "Ring Doorbell de Amazon, en versiones anteriores a la 3.4.7, gestiona el cifrado de manera incorrecta, lo que permite a los atacantes obtener los datos de audio y v\u00eddeo o insertar un v\u00eddeo suplantado que no corresponde a la persona real que se encuentra en la puerta."}], "lastModified": "2024-11-21T04:51:42.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amazon:ring_video_doorbell_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDA71F8-60D9-42FC-A381-EDAB6E8C5BAC", "versionEndExcluding": "3.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amazon:ring_video_doorbell:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3A0F9F1-DF23-4B91-8770-AB661B7DA517"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}