FKIE_CVE-2018-16270

Vulnerability from fkie_nvd - Published: 2020-01-22 14:15 - Updated: 2024-11-21 03:52
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
References
cve@mitre.orghttps://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdfExploit, Third Party Advisory
cve@mitre.orghttps://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.beExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdfExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.beExploit, Third Party Advisory
Impacted products
Vendor Product Version
samsung galaxy_gear_firmware *
samsung galaxy_gear -
samsung gear_2_firmware *
samsung gear_2 -
samsung gear_live_firmware *
samsung gear_live -
samsung gear_s_firmware *
samsung gear_s -
samsung gear_s2_firmware *
samsung gear_s2 -
samsung gear_s3_firmware *
samsung gear_s3 -
samsung gear_sport_firmware *
samsung gear_sport -
samsung gear_fit_firmware *
samsung gear_fit -
samsung gear_fit_2_firmware *
samsung gear_fit_2 -
samsung gear_fit_2_pro_firmware *
samsung gear_fit_2_pro -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:galaxy_gear_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "823D208B-3316-42CD-BFAD-F680B2CE04CA",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ACF61B2-D169-4423-9A54-BA0C73BAAA95",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58D5FF1-9573-4059-9C38-4C6B45812896",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_live_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B31103-12C7-460E-B0F0-86D1B036D067",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_live:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1E260EE-D0E5-4506-862E-367D72767A5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42163099-D8E7-4509-A9B0-ABCA3260E963",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C8050C-4FFB-4CE9-AC2E-927C43D0A5ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C40433-B8BC-4829-B7C5-2EEA66C7827F",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_s3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A52BB0AA-9EFC-4CC8-AD81-777D63C8E26B",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_sport_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062AEA64-280B-4A80-9E9F-A65225D7A7E9",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_sport:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D21008-B7FC-4E40-8817-B96A045DB122",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F03DF2D-7C51-4633-918E-58B0A5601954",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA573D2-AF1C-4763-9244-95F5104177E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "826565B1-E201-4EF4-B9FD-6D34962188F2",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A2D9849-D057-41ED-AA8A-D692135B4DC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:samsung:gear_fit_2_pro_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73864A48-39CC-4196-B18C-AB079D554709",
              "versionEndExcluding": "re2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:gear_fit_2_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E06C7B-5870-4D08-8D48-43EC469A579B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path."
    },
    {
      "lang": "es",
      "value": "La serie Samsung Galaxy Gear versiones anteriores al build RE2, incluye la utilidad hcidump sin restricci\u00f3n de privilegios o permisos. Esto permite a un proceso no privilegiado descargar paquetes Bluetooth HCI en una ruta de archivo arbitraria."
    }
  ],
  "id": "CVE-2018-16270",
  "lastModified": "2024-11-21T03:52:25.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T14:15:11.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.