Vulnerability-Lookup

CVE-2019-9860 (GCVE-0-2019-9860)

Vulnerability from cvelistv5 – Published: 2019-03-27 14:01 – Updated: 2024-08-04 22:01

Summary

Severity

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC

Date Public

2019-03-25 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:01:54.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-27T14:01:34.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9860",
    "datePublished": "2019-03-27T14:01:34.000Z",
    "dateReserved": "2019-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:01:54.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-9860",
      "date": "2026-06-25",
      "epss": "0.00841",
      "percentile": "0.532"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C5A31E7-5281-4EDC-9CC5-A887857BB6B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD534B70-3FA6-4712-A30E-A9BEEB9A91CB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36446080-FC7A-40C4-B3FA-E431B7208B54\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE991250-A833-4D6D-9CAE-8802C81917E5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9837869E-A954-4E05-B8FA-FF4D41B45E0E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF0E3110-7E9E-4FE2-9611-78B4D9819927\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Due to unencrypted signal communication and predictability of rolling codes, an attacker can \\\"desynchronize\\\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.\"}, {\"lang\": \"es\", \"value\": \"Debido a la comunicaci\\u00f3n de se\\u00f1ales no cifrada y a la predecibilidad de los c\\u00f3digos evolutivos, un atacante puede \\\"desincronizar\\\" un control remoto inal\\u00e1mbrico de ABUS Secvest (FUBE50014 o FUBE50015), relacionado con su sistema de alarma inal\\u00e1mbrica Secvest controlada FUAA50000 3.01.01, por lo que los comandos enviados por el control remoto ya no se aceptan.\"}]",
      "id": "CVE-2019-9860",
      "lastModified": "2024-11-21T04:52:27.370",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-03-27T15:29:01.127",
      "references": "[{\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-319\"}, {\"lang\": \"en\", \"value\": \"CWE-330\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9860\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-03-27T15:29:01.127\",\"lastModified\":\"2024-11-21T04:52:27.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to unencrypted signal communication and predictability of rolling codes, an attacker can \\\"desynchronize\\\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.\"},{\"lang\":\"es\",\"value\":\"Debido a la comunicaci\u00f3n de se\u00f1ales no cifrada y a la predecibilidad de los c\u00f3digos evolutivos, un atacante puede \\\"desincronizar\\\" un control remoto inal\u00e1mbrico de ABUS Secvest (FUBE50014 o FUBE50015), relacionado con su sistema de alarma inal\u00e1mbrica Secvest controlada FUAA50000 3.01.01, por lo que los comandos enviados por el control remoto ya no se aceptan.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"},{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C5A31E7-5281-4EDC-9CC5-A887857BB6B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD534B70-3FA6-4712-A30E-A9BEEB9A91CB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36446080-FC7A-40C4-B3FA-E431B7208B54\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE991250-A833-4D6D-9CAE-8802C81917E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9837869E-A954-4E05-B8FA-FF4D41B45E0E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0E3110-7E9E-4FE2-9611-78B4D9819927\"}]}]}],\"references\":[{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2019-08179

Vulnerability from cnvd - Published: 2019-03-26

Title

ABUS Secvest FUBE50014和ABUS Secvest FUBE50015拒绝服务漏洞

Description

ABUS Secvest FUBE50014和ABUS Secvest FUBE50015都是德国ABUS公司的一款无线遥控器。 ABUS Secvest FUBE50014和ABUS Secvest FUBE50015中存在安全漏洞，该漏洞源于程序未加密信号通信并且使用了易被猜测到的滚动码。攻击者可利用该漏洞造成拒绝服务。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.abus.com/

Reference

https://packetstormsecurity.com/files/152218/ABUS-Secvest-Remote-Control-Denial-Of-Service.html http://seclists.org/bugtraq/2019/Mar/39

Impacted products

Name
['ABUS ABUS Secvest FUBE50014', 'ABUS ABUS Secvest FUBE50015']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9860"
    }
  },
  "description": "ABUS Secvest FUBE50014\u548cABUS Secvest FUBE50015\u90fd\u662f\u5fb7\u56fdABUS\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9065\u63a7\u5668\u3002\n\nABUS Secvest FUBE50014\u548cABUS Secvest FUBE50015\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u52a0\u5bc6\u4fe1\u53f7\u901a\u4fe1\u5e76\u4e14\u4f7f\u7528\u4e86\u6613\u88ab\u731c\u6d4b\u5230\u7684\u6eda\u52a8\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Matthias Deeg (SySS GmbH), Thomas Detert",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.abus.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-08179",
  "openTime": "2019-03-26",
  "products": {
    "product": [
      "ABUS ABUS Secvest FUBE50014",
      "ABUS ABUS Secvest FUBE50015"
    ]
  },
  "referenceLink": "https://packetstormsecurity.com/files/152218/ABUS-Secvest-Remote-Control-Denial-Of-Service.html\r\nhttp://seclists.org/bugtraq/2019/Mar/39",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-26",
  "title": "ABUS Secvest FUBE50014\u548cABUS Secvest FUBE50015\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2019-9860

Vulnerability from fkie_nvd - Published: 2019-03-27 15:29 - Updated: 2026-06-17 02:44

Severity

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	cve@mitre.org	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt	Third Party Advisory

Impacted products

Vendor	Product	Version
abus	secvest_wireless_alarm_system_fuaa50000_firmware	3.01.01
abus	secvest_wireless_alarm_system_fuaa50000	-
abus	secvest_wireless_remote_control_fube50014_firmware	-
abus	secvest_wireless_remote_control_fube50014	-
abus	secvest_wireless_remote_control_fube50015_firmware	-
abus	secvest_wireless_remote_control_fube50015	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5A31E7-5281-4EDC-9CC5-A887857BB6B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD534B70-3FA6-4712-A30E-A9BEEB9A91CB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36446080-FC7A-40C4-B3FA-E431B7208B54",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE991250-A833-4D6D-9CAE-8802C81917E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9837869E-A954-4E05-B8FA-FF4D41B45E0E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0E3110-7E9E-4FE2-9611-78B4D9819927",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore."
    },
    {
      "lang": "es",
      "value": "Debido a la comunicaci\u00f3n de se\u00f1ales no cifrada y a la predecibilidad de los c\u00f3digos evolutivos, un atacante puede \"desincronizar\" un control remoto inal\u00e1mbrico de ABUS Secvest (FUBE50014 o FUBE50015), relacionado con su sistema de alarma inal\u00e1mbrica Secvest controlada FUAA50000 3.01.01, por lo que los comandos enviados por el control remoto ya no se aceptan."
    }
  ],
  "id": "CVE-2019-9860",
  "lastModified": "2026-06-17T02:44:44.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-27T15:29:01.127",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        },
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FVJ5-W64C-P3RQ

Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08

Details

Severity

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-27T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.",
  "id": "GHSA-fvj5-w64c-p3rq",
  "modified": "2022-05-13T01:08:21Z",
  "published": "2022-05-13T01:08:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9860"
    },
    {
      "type": "WEB",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-9860

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-9860

Aliases

CVE-2019-9860

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9860",
    "description": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.",
    "id": "GSD-2019-9860"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9860"
      ],
      "details": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore.",
      "id": "GSD-2019-9860",
      "modified": "2023-12-13T01:23:47.398926Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-9860",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt",
            "refsource": "MISC",
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9860"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-330"
                },
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-07-21T11:39Z",
      "publishedDate": "2019-03-27T15:29Z"
    }
  }
}

VAR-201903-0070

Vulnerability from variot - Updated: 2023-12-18 13:56

Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 are both wireless remote controls from ABUS, Germany. A security vulnerability exists in ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 that originated from program unencrypted signal communication and used a rolling code that was easily guessed. An attacker could exploit the vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Advisory ID: SYSS-2018-036 Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015) Manufacturer: ABUS Affected Version(s): n/a Tested Version(s): n/a Vulnerability Type: Denial of Service - Uncontrolled Resource Consumption (CWE-400) Risk Level: Low Solution Status: Open Manufacturer Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9860 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert


Overview:

ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for
the ABUS Secvest wireless alarm system. 

Some of the device features as described by the manufacturer are
(see [1]):

"
* User-friendly remote control with easily identifiable symbols
* Features \x91arm\x92, \x91disarm\x92 and \x91status query\x92 keys
* 8 LEDs provide an overview and display current system status
* Button for custom configuration available (Secvest wireless alarm
  system only)
* Optional manual panic alarm available (Secvest wireless alarm system
  only)
* Encrypted signal transmission
* Rolling Code
  Thanks to the rolling code process this product is protected against
  so-called replay attacks. All controlling signals between this product
  and the Secvest alarm panel are in individualised and thus, are not
  able to be reproduced by third parties. This process is protected
  from third party tampering, and exceeds the requirements of the
  DIN EN 50131-1 level 2 security standard.

Proof of Concept (PoC):

Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows disarming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.

Based on Mr. Detert's PoC tool, SySS GmbH developed a Python tool for the RFCat-based radio dongle YARD Stick One (see [4]) for demonstrating this simple denial-of-service (DoS) attack against the ABUS Secvest wireless remote controls FUBE50014 and FUBE50015.


Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.

Disclosure Timeline:

2018-11-21: Vulnerability reported to manufacturer 2018-11-28: Vulnerability reported to manufacturer once more 2018-12-12: E-mail to ABUS support asking if they are going to give some feedback regarding the reported security issue 2018-12-12: Phone call with ABUS support, the reported security advisories were forwarded to the ABUS Security Center Support 2018-12-12: E-mail to ABUS Security Center Support asking if they are going to give some feedback regarding the reported security issue 2019-01-14: Updated information regarding remote control ABUS Secvest FUBE50015 2019-03-25: Public release of security advisory


References:

[1] Product website for ABUS Secvest wireless remote control
    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2
[2] SySS Security Advisory SYSS-2018-035
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[3] SySS Security Advisory SYSS-2018-034
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[4] Product website YARD Stick One
    https://greatscottgadgets.com/yardstickone/
[5] SySS Security Advisory SYSS-2018-036
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt
[6] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/news/responsible-disclosure-policy/

Credits:

This security vulnerability was found by Thomas Detert.

Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.

E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB


Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlyUoMMACgkQ2aS/ajSt TatXPw/8CKe79eTckW/tXs4iIXP3hRTwy3+doB5r92txbd5OkayGRvfY6nGLX+LB naael/ZimlLq6QfNZsMiFli1+L9PS3IB52Suo2w7thHcTvz+fPJVfMt0fTkeGTvX mTfm8/ZsQ1vH0uU2EccwL5aVatiVHzuowJd6yv9afWBQ+ci8fShFmm7FGgfeCWoP Z3iOfttXlpPNMUsk9gMum+UeyqBsGSj0KjJxy3Cuugz783IPB+hdDWLPigmdtZPO chO7jEC6JXQJXt5UK/F8CdSZ1xF1NhfpQ9NvzvIBeEMy7V19S3EUnsow88i8HOSL pkRtISvp98QHfomJMCUUXRe6DSnXFyVy416zgw753610vCvlVH9pgKZ2JlyHragA YKSbadah2qqmYOm6Z7NMuXVNA+TqNh70u14IOl1bdr+Gp1nbvdcORMdU0aoBZfO+ KdyVBbeZgOQ9jOFs8dZzzMCuCx3eMsby4Ynwwnuu/YS4j1fwaK6l+G+nOEHLzc+J U2txKilfISr3kupFj/UBYzd7AjHul7C7Uu8LzI/HcAWSlv/zwtc0PiluAjFV1C7x pyaICS9AISt4YzNXUyH/bm2NkehxXz6lMnvJ4j8jvJJbdbvlgyhnKXovZMzRlN8Y 0WLRQtlTx/zYjZyD+qw5/L53qx3An0OYBVLLYFduU9FgZbgnbnM= =Zb9J -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201903-0070",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secvest wireless alarm system fuaa50000",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "abus",
        "version": "3.01.01"
      },
      {
        "model": "secvest wireless remote control fube50015",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest wireless remote control fube50014",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest wireless remote control fube50014",
        "scope": null,
        "trust": 0.8,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest wireless remote control fube50015",
        "scope": null,
        "trust": 0.8,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest fube50014",
        "scope": null,
        "trust": 0.6,
        "vendor": "abus",
        "version": null
      },
      {
        "model": "secvest fube50015",
        "scope": null,
        "trust": 0.6,
        "vendor": "abus",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthias Deeg",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9860",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-9860",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-08179",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-161295",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-9860",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9860",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-08179",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-929",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-161295",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 are both wireless remote controls from ABUS, Germany. A security vulnerability exists in ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 that originated from program unencrypted signal communication and used a rolling code that was easily guessed. An attacker could exploit the vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2018-036\nProduct: ABUS Secvest Remote Control (FUBE50014, FUBE50015)\nManufacturer: ABUS\nAffected Version(s): n/a\nTested Version(s): n/a\nVulnerability Type: Denial of Service - Uncontrolled Resource Consumption (CWE-400)\nRisk Level: Low\nSolution Status: Open\nManufacturer Notification: 2018-11-21\nSolution Date: -\nPublic Disclosure: 2019-03-25\nCVE Reference: CVE-2019-9860\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for\nthe ABUS Secvest wireless alarm system. \n\nSome of the device features as described by the manufacturer are\n(see [1]):\n\n\"\n* User-friendly remote control with easily identifiable symbols\n* Features \\x91arm\\x92, \\x91disarm\\x92 and \\x91status query\\x92 keys\n* 8 LEDs provide an overview and display current system status\n* Button for custom configuration available (Secvest wireless alarm\n  system only)\n* Optional manual panic alarm available (Secvest wireless alarm system\n  only)\n* Encrypted signal transmission\n* Rolling Code\n  Thanks to the rolling code process this product is protected against\n  so-called replay attacks. All controlling signals between this product\n  and the Secvest alarm panel are in individualised and thus, are not\n  able to be reproduced by third parties. This process is protected\n  from third party tampering, and exceeds the requirements of the\n  DIN EN 50131-1 level 2 security standard. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows disarming the alarm system in an unauthorized\nway. He provided his tool including documentation and source to SySS\nGmbH for responsible disclosure purposes. \n\nBased on Mr. Detert\u0027s PoC tool, SySS GmbH developed a Python tool for\nthe RFCat-based radio dongle YARD Stick One (see [4]) for demonstrating\nthis simple denial-of-service (DoS) attack against the ABUS Secvest\nwireless remote controls FUBE50014 and FUBE50015. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2018-11-21: Vulnerability reported to manufacturer\n2018-11-28: Vulnerability reported to manufacturer once more\n2018-12-12: E-mail to ABUS support asking if they are going to give\n            some feedback regarding the reported security issue\n2018-12-12: Phone call with ABUS support, the reported security\n            advisories were forwarded to the ABUS Security Center\n            Support\n2018-12-12: E-mail to ABUS Security Center Support asking if they are\n            going to give some feedback regarding the reported security\n            issue\n2019-01-14: Updated information regarding remote control ABUS Secvest\n            FUBE50015\n2019-03-25: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless remote control\n    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2\n[2] SySS Security Advisory SYSS-2018-035\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[3] SySS Security Advisory SYSS-2018-034\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt\n[4] Product website YARD Stick One\n    https://greatscottgadgets.com/yardstickone/\n[5] SySS Security Advisory SYSS-2018-036\n    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt\n[6] SySS GmbH, SySS Responsible Disclosure Policy\n    https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlyUoMMACgkQ2aS/ajSt\nTatXPw/8CKe79eTckW/tXs4iIXP3hRTwy3+doB5r92txbd5OkayGRvfY6nGLX+LB\nnaael/ZimlLq6QfNZsMiFli1+L9PS3IB52Suo2w7thHcTvz+fPJVfMt0fTkeGTvX\nmTfm8/ZsQ1vH0uU2EccwL5aVatiVHzuowJd6yv9afWBQ+ci8fShFmm7FGgfeCWoP\nZ3iOfttXlpPNMUsk9gMum+UeyqBsGSj0KjJxy3Cuugz783IPB+hdDWLPigmdtZPO\nchO7jEC6JXQJXt5UK/F8CdSZ1xF1NhfpQ9NvzvIBeEMy7V19S3EUnsow88i8HOSL\npkRtISvp98QHfomJMCUUXRe6DSnXFyVy416zgw753610vCvlVH9pgKZ2JlyHragA\nYKSbadah2qqmYOm6Z7NMuXVNA+TqNh70u14IOl1bdr+Gp1nbvdcORMdU0aoBZfO+\nKdyVBbeZgOQ9jOFs8dZzzMCuCx3eMsby4Ynwwnuu/YS4j1fwaK6l+G+nOEHLzc+J\nU2txKilfISr3kupFj/UBYzd7AjHul7C7Uu8LzI/HcAWSlv/zwtc0PiluAjFV1C7x\npyaICS9AISt4YzNXUyH/bm2NkehxXz6lMnvJ4j8jvJJbdbvlgyhnKXovZMzRlN8Y\n0WLRQtlTx/zYjZyD+qw5/L53qx3An0OYBVLLYFduU9FgZbgnbnM=\n=Zb9J\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "db": "PACKETSTORM",
        "id": "152218"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-161295",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9860",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "152218",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "PACKETSTORM",
        "id": "152218"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ]
  },
  "id": "VAR-201903-0070",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:56:47.419000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.abus.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-330",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-332",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-036.txt"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9860"
      },
      {
        "trust": 1.2,
        "url": "https://packetstormsecurity.com/files/152218/abus-secvest-remote-control-denial-of-service.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9860"
      },
      {
        "trust": 0.6,
        "url": "http://seclists.org/bugtraq/2019/mar/39"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/deed.en"
      },
      {
        "trust": 0.1,
        "url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/secvest-wireless-remote-control2"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-034.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
      },
      {
        "trust": 0.1,
        "url": "https://greatscottgadgets.com/yardstickone/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "PACKETSTORM",
        "id": "152218"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "db": "PACKETSTORM",
        "id": "152218"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "date": "2019-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "date": "2019-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "date": "2019-03-25T16:09:02",
        "db": "PACKETSTORM",
        "id": "152218"
      },
      {
        "date": "2019-03-27T15:29:01.127000",
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-08179"
      },
      {
        "date": "2019-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-161295"
      },
      {
        "date": "2019-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-9860"
      },
      {
        "date": "2019-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152218"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  ABUS In product  PRNG Inadequate entropy vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-003056"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-929"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9860 (GCVE-0-2019-9860)

CNVD-2019-08179

FKIE_CVE-2019-9860

GHSA-FVJ5-W64C-P3RQ

GSD-2019-9860

VAR-201903-0070

Tags

Sightings

Nomenclature