cvelistv5 - CVE-2018-8117

CVE-2018-8117 (GCVE-0-2018-8117)

Vulnerability from cvelistv5

Published

2018-04-12 01:00

Modified

2024-08-05 06:46

Severity ?

CWE

Security Feature Bypass

Summary

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850.

References

URL

	Vendor	Product	Version
	Microsoft	Microsoft Wireless Keyboard 850	Version: Microsoft Wireless Keyboard 850

fkie_cve-2018-8117

Vulnerability from fkie_nvd

Published

2018-04-12 01:29

Modified

2024-11-21 04:13

Severity ?

6.8 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/103711	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103711	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	wireless_keyboard_850	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C079075-5825-4B0E-BDBC-151E6692DD8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Microsoft Wireless Keyboard 850, lo que podr\u00eda permitir que un atacante reutilice una clave de cifrado AES para enviar las pulsaciones de teclado de otros teclados o leer las pulsaciones enviadas por otros teclados a los dispositivos afectados. Esto tambi\u00e9n se conoce como \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability\". Esto afecta a Microsoft Wireless Keyboard 850."
    }
  ],
  "id": "CVE-2018-8117",
  "lastModified": "2024-11-21T04:13:17.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-12T01:29:11.923",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103711"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-3m6p-3rc3-w9wf

Vulnerability from github

Published

2022-05-13 01:53

Modified

2022-05-13 01:53

Severity ?

6.8 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8117"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-12T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850.",
  "id": "GHSA-3m6p-3rc3-w9wf",
  "modified": "2022-05-13T01:53:31Z",
  "published": "2022-05-13T01:53:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8117"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103711"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

var-201804-1515

Vulnerability from variot

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1515",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless keyboard 850",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "wireless keyboard 850",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "wireless keyboard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8500"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:microsoft:wireless_keyboard_850",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "103711"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-8117",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.5,
            "id": "CVE-2018-8117",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.5,
            "id": "VHN-138149",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:C/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2018-8117",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-8117",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-8117",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-619",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-138149",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8117",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103711",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-138149",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "id": "VAR-201804-1515",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:26:24.710000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8117 | Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
      },
      {
        "title": "CVE-2018-8117 | Microsoft Wireless Keyboard 850 \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8117"
      },
      {
        "title": "Microsoft Wireless Keyboard 850 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83360"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8117"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103711"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8117"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180411-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180016.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8117"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "date": "2018-04-10T00:00:00",
        "db": "BID",
        "id": "103711"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "date": "2018-04-12T01:29:11.923000",
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "date": "2018-04-10T00:00:00",
        "db": "BID",
        "id": "103711"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      },
      {
        "date": "2024-11-21T04:13:17.787000",
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Wireless Keyboard 850 Vulnerabilities that bypass security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2018-09631

Vulnerability from cnvd

Title

Microsoft Wireless Keyboard 850安全功能绕过漏洞

Description

Microsoft Windows是一款流行的操作系统。 Microsoft Wireless Keyboard 850在实现上存在安全功能绕过漏洞，允许本地攻击者利用漏洞提交特殊的请求，重利用AES密钥获取键盘输入信息。

Severity

低

Patch Name

Microsoft Wireless Keyboard 850安全功能绕过漏洞的补丁

Patch Description

Microsoft Windows是一款流行的操作系统。 Microsoft Wireless Keyboard 850在实现上存在安全功能绕过漏洞，允许本地攻击者利用漏洞提交特殊的请求，重利用AES密钥获取键盘输入信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://portal.msrc.microsoft.com/zh-cn/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-8117

Impacted products

Name
Microsoft Wireless Keyboard 850 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103711"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8117",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8117"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Wireless Keyboard 850\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u91cd\u5229\u7528AES\u5bc6\u94a5\u83b7\u53d6\u952e\u76d8\u8f93\u5165\u4fe1\u606f\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-cn/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09631",
  "openTime": "2018-05-16",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Wireless Keyboard 850\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u91cd\u5229\u7528AES\u5bc6\u94a5\u83b7\u53d6\u952e\u76d8\u8f93\u5165\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Wireless Keyboard 850\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Wireless Keyboard 850 0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8117",
  "serverity": "\u4f4e",
  "submitTime": "2018-04-16",
  "title": "Microsoft Wireless Keyboard 850\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e"
}

gsd-2018-8117

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-8117

Aliases

CVE-2018-8117

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8117",
    "description": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850.",
    "id": "GSD-2018-8117"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8117"
      ],
      "details": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850.",
      "id": "GSD-2018-8117",
      "modified": "2023-12-13T01:22:34.254963Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Wireless Keyboard 850",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft Wireless Keyboard 850"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Feature Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "103711",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103711"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
            },
            {
              "name": "103711",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103711"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-04-12T01:29Z"
    }
  }
}

CERTFR-2018-AVI-181

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.7 Preview
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.6.6
Microsoft	N/A	Microsoft Wireless Keyboard 850
Microsoft	N/A	Microsoft Visual Studio 2010 Service Pack 1
Microsoft	N/A	Microsoft Visual Studio 2013 Update 5
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Microsoft Visual Studio 2012 Update 5

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-8117 (GCVE-0-2018-8117)

Vulnerability from cvelistv5

fkie_cve-2018-8117

Vulnerability from fkie_nvd

ghsa-3m6p-3rc3-w9wf

Vulnerability from github

var-201804-1515

Vulnerability from variot

cnvd-2018-09631

Vulnerability from cnvd

gsd-2018-8117

Vulnerability from gsd

CERTFR-2018-AVI-181

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature