Sign-up

ID

VAR-201712-0178


CVE

CVE-2017-14486


TITLE

Vibease Wireless Remote Vibrator and Vibease Chat Information disclosure vulnerability in applications

Trust: 0.8

sources: JVNDB: JVNDB-2017-011060

DESCRIPTION

The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic. Vibease Wireless Remote Vibrator and Vibease Chat An application contains an information disclosure vulnerability.Information may be obtained. Vibease Chat app for iOS is an online chat software based on iOS platform. There are security vulnerabilities in the Vibease Wireless Remote Vibrator app based on the Android platform and the Vibease Chat app based on the iOS platform. The vulnerability stems from the fact that the program exchanges messages with other applications in clear text and uses the PLAIN SASL mechanism to send identities to the Vibease server Validation token

Trust: 1.71

sources: NVD: CVE-2017-14486 // JVNDB: JVNDB-2017-011060 // VULHUB: VHN-105213

AFFECTED PRODUCTS

vendor:vibeasemodel:wireless remote vibratorscope:eqversion: -

Trust: 1.6

vendor:vibeasemodel:chatscope:eqversion: -

Trust: 1.6

vendor:vibeasemodel:chatscope: - version: -

Trust: 0.8

vendor:vibeasemodel:wireless remote vibratorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-011060 // CNNVD: CNNVD-201709-794 // NVD: CVE-2017-14486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14486
value: HIGH

Trust: 1.0

NVD: CVE-2017-14486
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-794
value: HIGH

Trust: 0.6

VULHUB: VHN-105213
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14486
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105213
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14486
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105213 // JVNDB: JVNDB-2017-011060 // CNNVD: CNNVD-201709-794 // NVD: CVE-2017-14486

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-105213 // JVNDB: JVNDB-2017-011060 // NVD: CVE-2017-14486

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-794

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-794

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011060

EXTERNAL IDS
db:NVDid:CVE-2017-14486
Trust: 2.5
db:JVNDBid:JVNDB-2017-011060
Trust: 0.8
db:CNNVDid:CNNVD-201709-794
Trust: 0.7
db:VULHUBid:VHN-105213
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105213 // 
            
            
            
            JVNDB: JVNDB-2017-011060 // 
            
            
            
            CNNVD: CNNVD-201709-794 // 
            
            
            
            NVD: CVE-2017-14486

REFERENCES
url:https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14486
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14486
Trust: 0.8
url:https://dl.acm.org/citation.cfm?id=3139942&preflayout=flat
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105213 // 
            
            
            
            JVNDB: JVNDB-2017-011060 // 
            
            
            
            CNNVD: CNNVD-201709-794 // 
            
            
            
            NVD: CVE-2017-14486

SOURCES
db:VULHUBid:VHN-105213
db:JVNDBid:JVNDB-2017-011060
db:CNNVDid:CNNVD-201709-794
db:NVDid:CVE-2017-14486

LAST UPDATE DATE
2025-04-20T23:39:55.531000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-105213date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-011060date:2018-01-04T00:00:00
db:CNNVDid:CNNVD-201709-794date:2019-10-23T00:00:00
db:NVDid:CVE-2017-14486date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-105213date:2017-12-01T00:00:00
db:JVNDBid:JVNDB-2017-011060date:2018-01-04T00:00:00
db:CNNVDid:CNNVD-201709-794date:2017-09-19T00:00:00
db:NVDid:CVE-2017-14486date:2017-12-01T17:29:00.323