VAR-201903-0072
Vulnerability from variot - Updated: 2023-12-18 13:56Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. ABUS Secvest wireless alarm system FUAA50000 , remote control FUBE50014 , FUBE50015 Contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABUS Secvest FUBE50014 is a wireless remote control of ABUS company in Germany. There are security vulnerabilities in ABUS Secvest FUAA50000, FUBE50014, and FUB50015. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Advisory ID: SYSS-2018-034 Product: ABUS Secvest (FUAA50000) Manufacturer: ABUS Affected Version(s): v3.01.01 Tested Version(s): v3.01.01 Vulnerability Type: Rolling Code - Predictable from Observable State (CWE-341) Risk Level: High Solution Status: Open Manufacturer Notification: 2018-11-21 Solution Date: - Public Disclosure: 2019-03-25 CVE Reference: CVE-2019-9863 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows disarming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes. Detert's PoC tool, a developed Python tool for the RFCat-based radio dongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a specially developed firmware.
Successful disarming attacks against an ABUS Secvest wireless alarm system are shown in our SySS proof-of-concept video "ABUS Secvest Rolling Code PoC Attack" [8].
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2018-11-21: Vulnerability reported to manufacturer 2018-11-28: Vulnerability reported to manufacturer once more 2018-12-12: E-mail to ABUS support asking if they are going to give some feedback regarding the reported security issue 2018-12-12: Phone call with ABUS support, the reported security advisories were forwarded to the ABUS Security Center Support 2018-12-12: E-mail to ABUS Security Center Support asking if they are going to give some feedback regarding the reported security issue 2019-01-14: Updated information regarding remote control ABUS Secvest FUBE50015 2019-03-25: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2016-117
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-117.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] Product website for Texas Instruments eZ430-Chronos
http://www.ti.com/tool/EZ430-CHRONOS
[5] SySS Security Advisory SYSS-2018-034
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[6] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[7] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[8] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack
https://youtu.be/pSdsMVn-7gM
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlyUoKcACgkQ2aS/ajSt Tav+OBAAnJ6Vb6DVHhNWevqYKGjdn5eIIIHcfIrwe4bzKbXusNIVK9okNNkZT9i+ hRZfVSFR21uyamh950qNujjizNhGUnD3mezPx5ep0R7tPxhwcp67kgVjRef4PNEE p1rbhVFKKWlR4ygcmsAeKnnHQTGUK9UlYBlTt2RpPh4OCCRikPW0RuwfYuAxrvug kDpWV/XA2DivteL68jDYzCdXHG2toph1FGmfv5CTx0NiyKD/XSm952c17z/D78Qz AHvJT+xVMyZoUWqhSWHbwS+byBzVaXM2C3/89FBJ0YgolmrL1k8GvbYGe5fVlbBa +PcHpp2yRbhuDgANCdLGEvWMCaflbqUPZN/xyaySF5HaKmpULvU44QEtg9CjDKNv m0yyZDWaBAUMb574MsBZNAnFmyWPFuq1wd/hM5oxLoUyu6nbBlsLcpH/3E0LbJL0 ifNvk9KTsrvOItAV1fQl7/ccNcAeI+DB2yz44gtDaHjHvYCFjEHaQvws5a9L0PIF XYRuHI+BNNIIi2KwivpnR316MA2MgE0hEny708sdS879qP1eZ5gDXcrVvUPFDsbA DRH66TVPmoi2HMkKn95/PVLgqAYH0QFlGs3RkT+t7QS1K0gVCude4sTtxZFpT1A/ oxl2o8Kn4YhBDXvT9tUs1vaBFMO46MCgKF4yx3adPCRqK7twhiY= =eZ14 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless remote control fube50015",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50015",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9863"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9863",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-161298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9863",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9863",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-922",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-161298",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9863",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. ABUS Secvest wireless alarm system FUAA50000 , remote control FUBE50014 , FUBE50015 Contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABUS Secvest FUBE50014 is a wireless remote control of ABUS company in Germany. There are security vulnerabilities in ABUS Secvest FUAA50000, FUBE50014, and FUB50015. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2018-034\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Rolling Code - Predictable from Observable State (CWE-341)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2018-11-21\nSolution Date: -\nPublic Disclosure: 2019-03-25\nCVE Reference: CVE-2019-9863\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows disarming the alarm system in an unauthorized\nway. He provided his tool including documentation and source to SySS\nGmbH for responsible disclosure purposes. Detert\u0027s PoC tool, a developed Python tool for the RFCat-based radio\ndongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a\nspecially developed firmware. \n\nSuccessful disarming attacks against an ABUS Secvest wireless alarm\nsystem are shown in our SySS proof-of-concept video \"ABUS Secvest\nRolling Code PoC Attack\" [8]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2018-11-21: Vulnerability reported to manufacturer\n2018-11-28: Vulnerability reported to manufacturer once more\n2018-12-12: E-mail to ABUS support asking if they are going to give\n some feedback regarding the reported security issue\n2018-12-12: Phone call with ABUS support, the reported security\n advisories were forwarded to the ABUS Security Center\n Support\n2018-12-12: E-mail to ABUS Security Center Support asking if they are\n going to give some feedback regarding the reported security\n issue\n2019-01-14: Updated information regarding remote control ABUS Secvest\n FUBE50015\n2019-03-25: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n[2] SySS Security Advisory SYSS-2016-117\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-117.txt\n[3] Product website YARD Stick One\n https://greatscottgadgets.com/yardstickone/\n[4] Product website for Texas Instruments eZ430-Chronos\n http://www.ti.com/tool/EZ430-CHRONOS\n[5] SySS Security Advisory SYSS-2018-034\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt\n[6] SySS Security Advisory SYSS-2018-035\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[7] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n[8] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack\n https://youtu.be/pSdsMVn-7gM\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAlyUoKcACgkQ2aS/ajSt\nTav+OBAAnJ6Vb6DVHhNWevqYKGjdn5eIIIHcfIrwe4bzKbXusNIVK9okNNkZT9i+\nhRZfVSFR21uyamh950qNujjizNhGUnD3mezPx5ep0R7tPxhwcp67kgVjRef4PNEE\np1rbhVFKKWlR4ygcmsAeKnnHQTGUK9UlYBlTt2RpPh4OCCRikPW0RuwfYuAxrvug\nkDpWV/XA2DivteL68jDYzCdXHG2toph1FGmfv5CTx0NiyKD/XSm952c17z/D78Qz\nAHvJT+xVMyZoUWqhSWHbwS+byBzVaXM2C3/89FBJ0YgolmrL1k8GvbYGe5fVlbBa\n+PcHpp2yRbhuDgANCdLGEvWMCaflbqUPZN/xyaySF5HaKmpULvU44QEtg9CjDKNv\nm0yyZDWaBAUMb574MsBZNAnFmyWPFuq1wd/hM5oxLoUyu6nbBlsLcpH/3E0LbJL0\nifNvk9KTsrvOItAV1fQl7/ccNcAeI+DB2yz44gtDaHjHvYCFjEHaQvws5a9L0PIF\nXYRuHI+BNNIIi2KwivpnR316MA2MgE0hEny708sdS879qP1eZ5gDXcrVvUPFDsbA\nDRH66TVPmoi2HMkKn95/PVLgqAYH0QFlGs3RkT+t7QS1K0gVCude4sTtxZFpT1A/\noxl2o8Kn4YhBDXvT9tUs1vaBFMO46MCgKF4yx3adPCRqK7twhiY=\n=eZ14\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "PACKETSTORM",
"id": "152212"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-161298",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9863",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "152212",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-161298",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"id": "VAR-201903-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:56:47.386000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/eng"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.0
},
{
"problemtype": "CWE-326",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-034.txt"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9863"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152212/abus-secvest-3.01.01-insecure-algorithm.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2019/mar/48"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2016-117.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
},
{
"trust": 0.1,
"url": "https://youtu.be/psdsmvn-7gm"
},
{
"trust": 0.1,
"url": "http://www.ti.com/tool/ez430-chronos"
},
{
"trust": 0.1,
"url": "https://greatscottgadgets.com/yardstickone/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-161298"
},
{
"date": "2019-03-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"date": "2019-03-25T15:37:12",
"db": "PACKETSTORM",
"id": "152212"
},
{
"date": "2019-03-27T14:29:02.127000",
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"date": "2019-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-161298"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABUS Vulnerability related to cryptographic strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…