Vulnerability-Lookup

CNVD-2019-29126

Vulnerability from cnvd - Published: 2019-08-28

Title

ABUS Secvest FUAA50000消息传输错误条件漏洞

Description

ABUS Secvest FUAA50000是德国ABUS公司的一款无线遥控器。 ABUS Secvest FUAA50000存在安全漏洞。攻击者可利用漏洞抑制正确接收未经授权的无线报警系统，例如状态探测器发出的指示入侵的信息。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.abus.com/

Reference

http://seclists.org/fulldisclosure/2019/Jul/36

Impacted products

Name
ABUS ABUS Secvest FUAA50000 v3.01.01

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-14261"
    }
  },
  "description": "ABUS Secvest FUAA50000\u662f\u5fb7\u56fdABUS\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u9065\u63a7\u5668\u3002\n\nABUS Secvest FUAA50000\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6291\u5236\u6b63\u786e\u63a5\u6536\u672a\u7ecf\u6388\u6743\u7684\u65e0\u7ebf\u62a5\u8b66\u7cfb\u7edf\uff0c\u4f8b\u5982\u72b6\u6001\u63a2\u6d4b\u5668\u53d1\u51fa\u7684\u6307\u793a\u5165\u4fb5\u7684\u4fe1\u606f\u3002",
  "discovererName": "Matthias Deeg (SySS GmbH), Thomas Detert",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.abus.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29126",
  "openTime": "2019-08-28",
  "products": {
    "product": "ABUS ABUS Secvest FUAA50000 v3.01.01"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2019/Jul/36",
  "serverity": "\u9ad8",
  "submitTime": "2019-07-29",
  "title": "ABUS Secvest FUAA50000\u6d88\u606f\u4f20\u8f93\u9519\u8bef\u6761\u4ef6\u6f0f\u6d1e"
}

CVE-2019-14261 (GCVE-0-2019-14261)

Vulnerability from cvelistv5 – Published: 2019-09-03 17:53 – Updated: 2024-08-05 00:12

Summary

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://www.syss.de/fileadmin/dokumente/Publikati…	x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jul/30	mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/153780/ABUS-…	x_refsource_MISC
https://seclists.org/bugtraq/2019/Jul/52	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:12:43.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt"
          },
          {
            "name": "20190726 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391) (CVE-2019-14261)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jul/30"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153780/ABUS-Secvest-3.01.01-Unchecked-Message-Transmission-Error-Condition.html"
          },
          {
            "name": "20190730 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jul/52"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a \"reactive jamming\" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:54:58.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt"
        },
        {
          "name": "20190726 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391) (CVE-2019-14261)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jul/30"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153780/ABUS-Secvest-3.01.01-Unchecked-Message-Transmission-Error-Condition.html"
        },
        {
          "name": "20190730 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jul/52"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14261",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a \"reactive jamming\" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt"
            },
            {
              "name": "20190726 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391) (CVE-2019-14261)",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jul/30"
            },
            {
              "name": "http://packetstormsecurity.com/files/153780/ABUS-Secvest-3.01.01-Unchecked-Message-Transmission-Error-Condition.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153780/ABUS-Secvest-3.01.01-Unchecked-Message-Transmission-Error-Condition.html"
            },
            {
              "name": "20190730 [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391)",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jul/52"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14261",
    "datePublished": "2019-09-03T17:53:38.000Z",
    "dateReserved": "2019-07-25T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:12:43.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-29126

CVE-2019-14261 (GCVE-0-2019-14261)

Tags

Sightings

Nomenclature