ID

VAR-201710-0941


CVE

CVE-2017-14797


TITLE

Philips Hue Bridge BSB002 switch vulnerability related to cryptographic strength

Trust: 0.8

sources: JVNDB: JVNDB-2017-008597

DESCRIPTION

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. The Philips Hue Bridge BSB002 switch contains a cryptographic strength vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips Hue Bridge BSB002 is a smart home lighting system from Philips, Netherlands. The public API is one of its public interfaces. The public API in the Philips Hue Bridge BSB002 using the 1707040932 firmware has a security vulnerability. The vulnerable program failed to encrypt the transmission.

Trust: 2.25

sources: NVD: CVE-2017-14797 // JVNDB: JVNDB-2017-008597 // CNVD: CNVD-2017-36358 // VULHUB: VHN-105555

AFFECTED PRODUCTS

vendor: philips, model: hue bridge bsb002, scope: eq, version: 1707040932

Trust: 2.4

vendor: philips, model: hue bridge bsb002 sw, scope: eq, version: 1707040932

Trust: 0.6

sources: CNVD: CNVD-2017-36358 // JVNDB: JVNDB-2017-008597 // CNNVD: CNNVD-201710-459 // NVD: CVE-2017-14797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14797
value: HIGH

Trust: 1.0

NVD: CVE-2017-14797
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-36358
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-459
value: HIGH

Trust: 0.6

VULHUB: VHN-105555
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-14797
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-36358
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-105555
severity: HIGH
baseScore: 7.9
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14797
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-36358 // VULHUB: VHN-105555 // JVNDB: JVNDB-2017-008597 // CNNVD: CNNVD-201710-459 // NVD: CVE-2017-14797

PROBLEMTYPE DATA

problemtype:CWE-326

Trust: 1.9

sources: VULHUB: VHN-105555 // JVNDB: JVNDB-2017-008597 // NVD: CVE-2017-14797

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201710-459

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008597

PATCH

title: Top Page, url: https://www.usa.philips.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-008597

EXTERNAL IDS

db: NVD, id: CVE-2017-14797

Trust: 3.1

db: JVNDB, id: JVNDB-2017-008597

Trust: 0.8

db: CNNVD, id: CNNVD-201710-459

Trust: 0.7

db: CNVD, id: CNVD-2017-36358

Trust: 0.6

db: VULHUB, id: VHN-105555

Trust: 0.1

sources: CNVD: CNVD-2017-36358 // VULHUB: VHN-105555 // JVNDB: JVNDB-2017-008597 // CNNVD: CNNVD-201710-459 // NVD: CVE-2017-14797

REFERENCES

url:https://www.tiferrei.com/philips-we-need-to-talk/index.html

Trust: 1.2

url:https://www.tiferrei.com/philips-we-need-to-talk

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14797

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14797

Trust: 0.8

sources: CNVD: CNVD-2017-36358 // VULHUB: VHN-105555 // JVNDB: JVNDB-2017-008597 // CNNVD: CNNVD-201710-459 // NVD: CVE-2017-14797

SOURCES

db: CNVD, id: CNVD-2017-36358
db: VULHUB, id: VHN-105555
db: JVNDB, id: JVNDB-2017-008597
db: CNNVD, id: CNNVD-201710-459
db: NVD, id: CVE-2017-14797

LAST UPDATE DATE

2025-04-20T23:32:03.824000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-36358, date: 2017-12-06T00:00:00
db: VULHUB, id: VHN-105555, date: 2017-11-21T00:00:00
db: JVNDB, id: JVNDB-2017-008597, date: 2017-10-24T00:00:00
db: CNNVD, id: CNNVD-201710-459, date: 2017-11-08T00:00:00
db: NVD, id: CVE-2017-14797, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-36358, date: 2017-12-06T00:00:00
db: VULHUB, id: VHN-105555, date: 2017-10-01T00:00:00
db: JVNDB, id: JVNDB-2017-008597, date: 2017-10-24T00:00:00
db: CNNVD, id: CNNVD-201710-459, date: 2017-09-30T00:00:00
db: NVD, id: CVE-2017-14797, date: 2017-10-01T01:29:00.723