VAR-201909-1013
Vulnerability from variot - Updated: 2023-12-18 12:43An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. ABUS Secvest FUAA50000 The device contains cryptographic vulnerabilities.Information may be tampered with. ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. A security vulnerability exists in ABUS Secvest FUAA50000. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Advisory ID: SYSS-2019-004 Product: ABUS Secvest (FUAA50000) Manufacturer: ABUS Affected Version(s): v3.01.01 Tested Version(s): v3.01.01 Vulnerability Type: Message Transmission - Unchecked Error Condition (CWE-391) Risk Level: High Solution Status: Open Manufacturer Notification: 2019-03-02 Solution Date: - Public Disclosure: 2019-07-26 CVE Reference: CVE-2019-14261 Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows suppressing arming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2019-03-02: Vulnerability reported to manufacturer 2019-07-26: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2019-004
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest fuaa50000",
"scope": "eq",
"trust": 0.6,
"vendor": "abus",
"version": "v3.01.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14261"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
],
"trust": 0.6
},
"cve": "CVE-2019-14261",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-14261",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-29126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-146190",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-14261",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-14261",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-29126",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-146190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a \"reactive jamming\" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. ABUS Secvest FUAA50000 The device contains cryptographic vulnerabilities.Information may be tampered with. ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. A security vulnerability exists in ABUS Secvest FUAA50000. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Advisory ID: SYSS-2019-004\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Message Transmission - Unchecked Error Condition\n(CWE-391)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2019-03-02\nSolution Date: -\nPublic Disclosure: 2019-07-26\nCVE Reference: CVE-2019-14261\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows suppressing arming the alarm system in an\nunauthorized way. He provided his tool including documentation and\nsource to SySS GmbH for responsible disclosure purposes. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-03-02: Vulnerability reported to manufacturer\n2019-07-26: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n\nhttps://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n[2] SySS Security Advisory SYSS-2019-004\n\nhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt\n[3] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key:\nhttps://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "PACKETSTORM",
"id": "153780"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14261",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "153780",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-29126",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-146190",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"id": "VAR-201909-1013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
}
]
},
"last_update_date": "2023-12-18T12:43:17.872000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-004.txt"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/jul/52"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/jul/30"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/153780/abus-secvest-3.01.01-unchecked-message-transmission-error-condition.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14261"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14261"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2019/jul/36"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-146190"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"date": "2019-07-27T17:38:08",
"db": "PACKETSTORM",
"id": "153780"
},
{
"date": "2019-09-03T18:15:12.327000",
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"date": "2019-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"date": "2019-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-146190"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"date": "2019-09-05T20:37:22.630000",
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"date": "2019-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABUS Secvest FUAA50000 Cryptographic vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…