Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Pulse 4 by JBL

    CVE-2024-2105 (GCVE-0-2024-2105)

    Vulnerability from nvd – Published: 2025-12-10 13:01 – Updated: 2025-12-10 15:49
    VLAI
    Title
    JBL: Improper validation of ICM field in connection requests
    Summary
    An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    Credits
    Mattar Bernhard from Hummus Sec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2105",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T15:49:43.543497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-10T15:49:54.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Flip 5",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Flip 6",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Pulse 4",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Pulse 5",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Boombox 2",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Boombox 3",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Xtreme 3",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mattar Bernhard from Hummus Sec"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
                }
              ],
              "value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287 Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T13:01:54.421Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-089"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "JBL: Improper validation of ICM field in connection requests",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-2105",
        "datePublished": "2025-12-10T13:01:54.421Z",
        "dateReserved": "2024-03-01T16:45:43.784Z",
        "dateUpdated": "2025-12-10T15:49:54.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-2105 (GCVE-0-2024-2105)

    Vulnerability from cvelistv5 – Published: 2025-12-10 13:01 – Updated: 2025-12-10 15:49
    VLAI
    Title
    JBL: Improper validation of ICM field in connection requests
    Summary
    An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper Validation of Specified Type of Input
    Assigner
    Credits
    Mattar Bernhard from Hummus Sec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2105",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-10T15:49:43.543497Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-10T15:49:54.790Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Flip 5",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Flip 6",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Pulse 4",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Pulse 5",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Boombox 2",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Boombox 3",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Xtreme 3",
              "vendor": "JBL",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mattar Bernhard from Hummus Sec"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
                }
              ],
              "value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287 Improper Validation of Specified Type of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-10T13:01:54.421Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-089"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "JBL: Improper validation of ICM field in connection requests",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-2105",
        "datePublished": "2025-12-10T13:01:54.421Z",
        "dateReserved": "2024-03-01T16:45:43.784Z",
        "dateUpdated": "2025-12-10T15:49:54.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }