ID

VAR-201712-0300


CVE

CVE-2017-17436


TITLE

Vaultek Gun Safe VT20i Vulnerabilities related to cryptographic strength in Japanese software

Trust: 0.8

sources: JVNDB: JVNDB-2017-011232

DESCRIPTION

An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. Vaultek Gun Safe VT20i Software contains a vulnerability related to cryptographic strength. There is a possibility that information is obtained, that information is altered, and that service operation is disrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2017-17436 // JVNDB: JVNDB-2017-011232 // VULHUB: VHN-108458

AFFECTED PRODUCTS

vendor: vaulteksafe model: vt20i scope: eq version: -

Trust: 1.6

vendor: vaultek safe model: vt20i scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-011232 // CNNVD: CNNVD-201712-153 // NVD: CVE-2017-17436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17436
value: HIGH

Trust: 1.0

NVD: CVE-2017-17436
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201712-153
value: LOW

Trust: 0.6

VULHUB: VHN-108458
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-17436
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-108458
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17436
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-108458 // JVNDB: JVNDB-2017-011232 // CNNVD: CNNVD-201712-153 // NVD: CVE-2017-17436

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.9

sources: VULHUB: VHN-108458 // JVNDB: JVNDB-2017-011232 // NVD: CVE-2017-17436

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201712-153

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201712-153

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011232

PATCH

title: Vaultek VT20i: Security Vulnerability (CVE-2017-17435) url: https://vaulteksafe.com/cve-2017-17435/

Trust: 0.8

sources: JVNDB: JVNDB-2017-011232

EXTERNAL IDS

db: NVD id: CVE-2017-17436

Trust: 2.5

db: JVNDB id: JVNDB-2017-011232

Trust: 0.8

db: CNNVD id: CNNVD-201712-153

Trust: 0.7

db: VULHUB id: VHN-108458

Trust: 0.1

sources: VULHUB: VHN-108458 // JVNDB: JVNDB-2017-011232 // CNNVD: CNNVD-201712-153 // NVD: CVE-2017-17436

REFERENCES

url: https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

Trust: 2.5

url: https://vaulteksafe.com/index.php/cve-2017-17435/

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17436

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-17436

Trust: 0.8

sources: VULHUB: VHN-108458 // JVNDB: JVNDB-2017-011232 // CNNVD: CNNVD-201712-153 // NVD: CVE-2017-17436

SOURCES

db: VULHUB id: VHN-108458
db: JVNDB id: JVNDB-2017-011232
db: CNNVD id: CNNVD-201712-153
db: NVD id: CVE-2017-17436

LAST UPDATE DATE

2025-04-20T21:56:06.337000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-108458 date: 2017-12-22T00:00:00
db: JVNDB id: JVNDB-2017-011232 date: 2018-01-11T00:00:00
db: CNNVD id: CNNVD-201712-153 date: 2017-12-07T00:00:00
db: NVD id: CVE-2017-17436 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB id: VHN-108458 date: 2017-12-07T00:00:00
db: JVNDB id: JVNDB-2017-011232 date: 2018-01-11T00:00:00
db: CNNVD id: CNNVD-201712-153 date: 2017-12-07T00:00:00
db: NVD id: CVE-2017-17436 date: 2017-12-07T00:29:00.287