fkie_nvd - fkie_cve-2018-16264

fkie_cve-2018-16264

Vulnerability from fkie_nvd

Published

2020-01-22 13:15

Modified

2024-11-21 03:52

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

References

URL	Tags
cve@mitre.org	https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf	Third Party Advisory
cve@mitre.org	https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01
cve@mitre.org	https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01
af854a3a-2127-422b-91ae-364da2661108	https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	tizen	1.0
linux	tizen	1.0
linux	tizen	2.0
linux	tizen	2.1
linux	tizen	2.2
linux	tizen	2.2.1
linux	tizen	2.3
linux	tizen	2.3.1
linux	tizen	2.4
linux	tizen	3.0
linux	tizen	3.0
linux	tizen	3.0
linux	tizen	4.0
linux	tizen	4.0
linux	tizen	4.0
linux	tizen	5.0
samsung	galaxy_gear	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE14F41-1DA4-4FB3-AC1E-53B38CE81A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:1.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "20D9C36E-A873-46A7-A8BA-4A5E0A4BCCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394C885B-4641-4AE1-913F-1DE2707897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C67EE22-0987-4CB5-82C6-18D2AB6D8691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E7F6A42-2ECF-4948-A31C-F212E4AF0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F08ED37-2F08-4663-ADCC-DA8608AFEF68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF125805-DE1F-4791-8B25-3759C00C184E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D78961-9103-4C1A-95A7-33CECC3F1172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A859D388-C803-4562-A83E-89C15AE69F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED4739E-DB36-4298-B6D5-8905B1DB5B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "E9F67075-9BCB-4EFF-BE36-790655A96679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:3.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "4667DAE4-A021-4051-8C6F-AA60597FB575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "43386546-ECB4-4131-A0CA-C9D939C6BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "6A8490E0-CE6A-453B-9DD6-C2D8A777FC82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:4.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "D32007B2-74B6-44A3-8C6F-BB4141B6824A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:tizen:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EDFA9B-354F-4992-8565-6F39E5AC7EB5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:samsung:galaxy_gear:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B033BF3-3C56-4B7A-92B5-8D1024EB36EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2."
    },
    {
      "lang": "es",
      "value": "El servicio de sistema BlueZ en Tizen, permite a un proceso no privilegiado controlar parcialmente Bluetooth o adquirir informaci\u00f3n confidencial, debido a configuraciones de pol\u00edtica de seguridad D-Bus inapropiadas. Esto afecta a Tizen versiones anteriores a 5.0 M1 y a los firmwares basados ??en Tizen, incluyendo la serie Samsung Galaxy Gear versiones anteriores al build RE2."
    }
  ],
  "id": "CVE-2018-16264",
  "lastModified": "2024-11-21T03:52:24.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-22T13:15:10.177",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git%3Ba=commit%3Bh=ff9878c95efc12d4a4495153ab51e3a09f8d3c01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g\u0026feature=youtu.be"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-16264 (GCVE-0-2018-16264)

Vulnerability from cvelistv5

Published

2020-01-22 12:42

Modified

2024-08-05 10:17