Search criteria
6 vulnerabilities found for p_smart_firmware by huawei
CVE-2019-19412 (GCVE-0-2019-19412)
Vulnerability from nvd – Published: 2020-06-08 18:21 – Updated: 2024-08-05 02:16
VLAI?
Summary
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
Severity ?
No CVSS data available.
CWE
- FRP Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | ALP-AL00B |
Affected:
earlier than 9.0.0.181(C00E87R2P20T8)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
},
{
"product": "Anne-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.168(C00)"
}
]
},
{
"product": "BLA-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
},
{
"product": "BLA-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.172(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.173(C636)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
},
{
"product": "Figo-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
},
{
"product": "Figo-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L31",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
},
{
"product": "Florida-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
},
{
"product": "Florida-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.129(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.131(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.132(C185)"
}
]
},
{
"product": "Florida-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.132(C636)"
}
]
},
{
"product": "Florida-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.144(C605)"
}
]
},
{
"product": "HUAWEI P smart",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P smart,HUAWEI Y7s",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.148(C635)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.156(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.157(C432)"
}
]
},
{
"product": "HUAWEI nova 3e,HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.147(C461)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.148(ZAFC185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.168(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.172(C636)"
}
]
},
{
"product": "Honor View 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
},
{
"product": "Leland-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.182(C00)"
}
]
},
{
"product": "Leland-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.135(C185)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L31A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.139(C432)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T15:29:39",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
}
},
{
"product_name": "Anne-AL00",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.168(C00)"
}
]
}
},
{
"product_name": "BLA-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
}
},
{
"product_name": "BLA-L09C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"version_value": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"version_value": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.172(C432)"
},
{
"version_value": "earlier than 8.0.0.173(C636)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"version_value": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
}
},
{
"product_name": "Figo-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Figo-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L31",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
}
},
{
"product_name": "Florida-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
}
},
{
"product_name": "Florida-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.129(C605)"
},
{
"version_value": "earlier than 8.0.0.131(C432)"
},
{
"version_value": "earlier than 8.0.0.132(C185)"
}
]
}
},
{
"product_name": "Florida-L22",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.132(C636)"
}
]
}
},
{
"product_name": "Florida-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.144(C605)"
}
]
}
},
{
"product_name": "HUAWEI P smart",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P smart,HUAWEI Y7s",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.148(C635)"
},
{
"version_value": "earlier than 8.0.0.155(C185)"
},
{
"version_value": "earlier than 8.0.0.155(C605)"
},
{
"version_value": "earlier than 8.0.0.156(C605)"
},
{
"version_value": "earlier than 8.0.0.157(C432)"
}
]
}
},
{
"product_name": "HUAWEI nova 3e,HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.147(C461)"
},
{
"version_value": "earlier than 8.0.0.148(ZAFC185)"
},
{
"version_value": "earlier than 8.0.0.160(C185)"
},
{
"version_value": "earlier than 8.0.0.160(C605)"
},
{
"version_value": "earlier than 8.0.0.168(C432)"
},
{
"version_value": "earlier than 8.0.0.172(C636)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Honor View 10",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
}
},
{
"product_name": "Leland-AL00A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.182(C00)"
}
]
}
},
{
"product_name": "Leland-L21A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.135(C185)"
},
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22A",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L31A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.139(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19412",
"datePublished": "2020-06-08T18:21:28",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0022 (GCVE-0-2020-0022)
Vulnerability from nvd – Published: 2020-02-13 14:21 – Updated: 2024-08-04 05:47
VLAI?
Summary
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
Severity ?
8.8 (High)
CWE
- Denial of service
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "8.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-28T13:54:56.691635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-28T14:00:17.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-02-01"
},
{
"name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T13:06:27",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-02-01"
},
{
"name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-02-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-02-01"
},
{
"name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/10"
},
{
"name": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0022",
"datePublished": "2020-02-13T14:21:41",
"dateReserved": "2019-10-17T00:00:00",
"dateUpdated": "2024-08-04T05:47:40.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9506 (GCVE-0-2019-9506)
Vulnerability from nvd – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
VLAI?
Title
Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
Summary
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Severity ?
7.6 (High)
CWE
- CWE-310 - Cryptographic Issues
Assigner
References
Credits
Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"N/A"
],
"product": "BR/EDR",
"vendor": "Bluetooth",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"datePublic": "2019-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310 Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T10:06:23",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
"workarounds": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "KNOB",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-08-14",
"ID": "CVE-2019-9506",
"STATE": "PUBLIC",
"TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BR/EDR",
"version": {
"version_data": [
{
"platform": "N/A",
"version_affected": "\u003c=",
"version_name": "5.1",
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "Bluetooth"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310 Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#918987",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
"refsource": "MISC",
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
]
},
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9506",
"datePublished": "2019-08-14T16:27:45.059869Z",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-09-16T19:14:13.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19412 (GCVE-0-2019-19412)
Vulnerability from cvelistv5 – Published: 2020-06-08 18:21 – Updated: 2024-08-05 02:16
VLAI?
Summary
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
Severity ?
No CVSS data available.
CWE
- FRP Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Huawei | ALP-AL00B |
Affected:
earlier than 9.0.0.181(C00E87R2P20T8)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ALP-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
},
{
"product": "ALP-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
},
{
"product": "ALP-L29",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
},
{
"product": "Anne-AL00",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.168(C00)"
}
]
},
{
"product": "BLA-AL00B",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
},
{
"product": "BLA-L09C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
},
{
"product": "BLA-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
},
{
"product": "Berkeley-AL20",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
},
{
"product": "Berkeley-L09",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.172(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.173(C636)"
}
]
},
{
"product": "Emily-L29C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"status": "affected",
"version": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
},
{
"product": "Figo-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
},
{
"product": "Figo-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "Figo-L31",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
},
{
"product": "Florida-L03",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
},
{
"product": "Florida-L21",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.129(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.131(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.132(C185)"
}
]
},
{
"product": "Florida-L22",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.132(C636)"
}
]
},
{
"product": "Florida-L23",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.144(C605)"
}
]
},
{
"product": "HUAWEI P smart",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P smart,HUAWEI Y7s",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
},
{
"product": "HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.148(C635)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.155(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.156(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.157(C432)"
}
]
},
{
"product": "HUAWEI nova 3e,HUAWEI P20 lite",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.147(C461)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.148(ZAFC185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C185)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.160(C605)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.168(C432)"
},
{
"status": "affected",
"version": "earlier than 8.0.0.172(C636)"
}
]
},
{
"product": "Honor View 10",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
},
{
"product": "Leland-AL00A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.182(C00)"
}
]
},
{
"product": "Leland-L21A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.135(C185)"
},
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L22C",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
},
{
"product": "Leland-L31A",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "earlier than 8.0.0.139(C432)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "FRP Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T15:29:39",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-19412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E87R2P20T8)"
}
]
}
},
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.201(C432E4R1P9)"
}
]
}
},
{
"product_name": "ALP-L29",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.195(C636E2R1P12)"
}
]
}
},
{
"product_name": "Anne-AL00",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.168(C00)"
}
]
}
},
{
"product_name": "BLA-AL00B",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.181(C00E88R2P15T8)"
}
]
}
},
{
"product_name": "BLA-L09C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.177(C185E2R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
}
]
}
},
{
"product_name": "BLA-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.179(C576E2R1P7T8)"
},
{
"version_value": "earlier than 9.0.0.194(C185E2R1P13)"
},
{
"version_value": "earlier than 9.0.0.206(C432E4R1P11)"
},
{
"version_value": "earlier than 9.0.0.210(C635E4R1P13)"
}
]
}
},
{
"product_name": "Berkeley-AL20",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.156(C00E156R2P14T8)"
}
]
}
},
{
"product_name": "Berkeley-L09",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.172(C432)"
},
{
"version_value": "earlier than 8.0.0.173(C636)"
}
]
}
},
{
"product_name": "Emily-L29C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.159(C185E2R1P12T8)"
},
{
"version_value": "earlier than 9.0.0.159(C461E2R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.160(C432E7R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.165(C605E2R1P12)"
},
{
"version_value": "earlier than 9.0.0.168(C636E7R1P13T8)"
},
{
"version_value": "earlier than 9.0.0.168(C782E3R1P11T8)"
},
{
"version_value": "earlier than 9.0.0.196(C635E2R1P11T8)"
}
]
}
},
{
"product_name": "Figo-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Figo-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C635E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "Figo-L31",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C432E8R1P5T8)"
}
]
}
},
{
"product_name": "Florida-L03",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.121(C605E5R1P1T8)"
}
]
}
},
{
"product_name": "Florida-L21",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.129(C605)"
},
{
"version_value": "earlier than 8.0.0.131(C432)"
},
{
"version_value": "earlier than 8.0.0.132(C185)"
}
]
}
},
{
"product_name": "Florida-L22",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.132(C636)"
}
]
}
},
{
"product_name": "Florida-L23",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.144(C605)"
}
]
}
},
{
"product_name": "HUAWEI P smart",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.130(C185E6R1P5T8)"
},
{
"version_value": "earlier than 9.1.0.130(C605E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P smart,HUAWEI Y7s",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.124(C636E6R1P5T8)"
}
]
}
},
{
"product_name": "HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.148(C635)"
},
{
"version_value": "earlier than 8.0.0.155(C185)"
},
{
"version_value": "earlier than 8.0.0.155(C605)"
},
{
"version_value": "earlier than 8.0.0.156(C605)"
},
{
"version_value": "earlier than 8.0.0.157(C432)"
}
]
}
},
{
"product_name": "HUAWEI nova 3e,HUAWEI P20 lite",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.147(C461)"
},
{
"version_value": "earlier than 8.0.0.148(ZAFC185)"
},
{
"version_value": "earlier than 8.0.0.160(C185)"
},
{
"version_value": "earlier than 8.0.0.160(C605)"
},
{
"version_value": "earlier than 8.0.0.168(C432)"
},
{
"version_value": "earlier than 8.0.0.172(C636)"
}
]
}
}
]
},
"vendor_name": "Huawei"
},
{
"product": {
"product_data": [
{
"product_name": "Honor View 10",
"version": {
"version_data": [
{
"version_value": "earlier than 9.0.0.202(C567E6R1P12T8)"
}
]
}
},
{
"product_name": "Leland-AL00A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.182(C00)"
}
]
}
},
{
"product_name": "Leland-L21A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.135(C185)"
},
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22A",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L22C",
"version": {
"version_data": [
{
"version_value": "earlier than 9.1.0.118(C636E4R1P1T8)"
}
]
}
},
{
"product_name": "Leland-L31A",
"version": {
"version_data": [
{
"version_value": "earlier than 8.0.0.139(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-19412",
"datePublished": "2020-06-08T18:21:28",
"dateReserved": "2019-11-29T00:00:00",
"dateUpdated": "2024-08-05T02:16:47.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-0022 (GCVE-0-2020-0022)
Vulnerability from cvelistv5 – Published: 2020-02-13 14:21 – Updated: 2024-08-04 05:47
VLAI?
Summary
In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715
Severity ?
8.8 (High)
CWE
- Denial of service
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "8.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:10.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "8.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-0022",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-28T13:54:56.691635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-28T14:00:17.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:47:40.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2020-02-01"
},
{
"name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-13T13:06:27",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2020-02-01"
},
{
"name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Feb/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2020-0022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2020-02-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2020-02-01"
},
{
"name": "20200214 Re: [FD] Critical Bluetooth Vulnerability in Android (CVE-2020-0022) - BlueFrag",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Feb/10"
},
{
"name": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156891/Android-Bluetooth-Remote-Denial-Of-Service.html"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200513-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0022",
"datePublished": "2020-02-13T14:21:41",
"dateReserved": "2019-10-17T00:00:00",
"dateUpdated": "2024-08-04T05:47:40.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9506 (GCVE-0-2019-9506)
Vulnerability from cvelistv5 – Published: 2019-08-14 16:27 – Updated: 2024-09-16 19:14
VLAI?
Title
Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
Summary
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
Severity ?
7.6 (High)
CWE
- CWE-310 - Cryptographic Issues
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Daniele Antonioli‚ Nils Ole Tippenhauer, Kasper Rasmussen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"N/A"
],
"product": "BR/EDR",
"vendor": "Bluetooth",
"versions": [
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"datePublic": "2019-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "CWE-310 Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T10:06:23",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#918987",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
],
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"title": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation",
"workarounds": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "KNOB",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-08-14",
"ID": "CVE-2019-9506",
"STATE": "PUBLIC",
"TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BR/EDR",
"version": {
"version_data": [
{
"platform": "N/A",
"version_affected": "\u003c=",
"version_name": "5.1",
"version_value": "5.1"
}
]
}
}
]
},
"vendor_name": "Bluetooth"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniele Antonioli\u201a Nils Ole Tippenhauer, Kasper Rasmussen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-310 Cryptographic Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#918987",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/918987/"
},
{
"name": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html",
"refsource": "MISC",
"url": "http://www.cs.ox.ac.uk/publications/publication12404-abstract.html"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
},
{
"name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
"refsource": "CONFIRM",
"url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
},
{
"name": "20190816 APPLE-SA-2019-8-13-3 Additional information for APPLE-SA-2019-7-22-4 watchOS 5.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"name": "20190816 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"name": "20190816 APPLE-SA-2019-8-13-2 Additional information for APPLE-SA-2019-7-22-1 iOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"name": "20190816 APPLE-SA-2019-8-13-4 Additional information for APPLE-SA-2019-7-22-5 tvOS 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en"
},
{
"name": "USN-4115-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4115-1/"
},
{
"name": "USN-4118-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4118-1/"
},
{
"name": "[debian-lts-announce] 20190914 [SECURITY] [DLA 1919-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html"
},
{
"name": "[debian-lts-announce] 20190915 [SECURITY] [DLA 1919-2] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html"
},
{
"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"name": "USN-4147-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4147-1/"
},
{
"name": "RHSA-2019:2975",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2975"
},
{
"name": "openSUSE-SU-2019:2307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
},
{
"name": "openSUSE-SU-2019:2308",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
},
{
"name": "RHSA-2019:3076",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3076"
},
{
"name": "RHSA-2019:3055",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3055"
},
{
"name": "RHSA-2019:3089",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3089"
},
{
"name": "RHSA-2019:3187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3187"
},
{
"name": "RHSA-2019:3165",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3165"
},
{
"name": "RHSA-2019:3217",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3217"
},
{
"name": "RHSA-2019:3220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3220"
},
{
"name": "RHSA-2019:3231",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3231"
},
{
"name": "RHSA-2019:3218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3218"
},
{
"name": "RHSA-2019:3309",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3309"
},
{
"name": "RHSA-2019:3517",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3517"
},
{
"name": "RHSA-2020:0204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0204"
}
]
},
"source": {
"advisory": "VU#918987",
"defect": [
"VU#918987"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Bluetooth SIG Expedited Errata Correction 11838"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9506",
"datePublished": "2019-08-14T16:27:45.059869Z",
"dateReserved": "2019-03-01T00:00:00",
"dateUpdated": "2024-09-16T19:14:13.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}