Vulnerability Name: | CVE-2017-17860 (CCN-138032)
Assigned: | 2017-12-23
Published: | 2017-12-23
Updated: | 2018-02-06
Summary: | In Samsung Gear products, the Bluetooth link key is updated to a different key that is the same as the attacker's link key. The attack can be carried out without the user's intention only if the attacker can reveal the Bluetooth address of the target device and of the paired user's smartphone.
CVSS v3 Severity: | 5.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
CVSS v2 Severity: | 5.7 Medium (CVSS v2 Vector: AV:A/AC:M/Au:N/C:N/I:N/A:C)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2017-17860
Source: CCN Type: Samsung Web site Samsung Gear products
Source: CCN Type: Google Web site Bluetooth link key
Source: MISC Type: Exploit, Third Party Advisory https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM
Source: XF Type: UNKNOWN samsung-cve201717860-dos(138032)
Vulnerable Configuration: | Configuration 1: