Sign-up

ID

VAR-201803-1090


CVE

CVE-2017-16242


TITLE

MECO USB Memory Stick with Fingerprint Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-013061

DESCRIPTION

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint. MECO USB Memory Stick with Fingerprint Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MECOUSBMemoryStick is a portable USB storage device. A security hole exists in the MECOUSBMemoryStick with FingerprintMECOZiolsamDE601

Trust: 2.16

sources: NVD: CVE-2017-16242 // JVNDB: JVNDB-2017-013061 // CNVD: CNVD-2018-08804

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08804

AFFECTED PRODUCTS

vendor:mecomodel:usb memory stick with fingerprint firwmarescope:eqversion: -

Trust: 1.6

vendor:mecomodel:usb memory stick with fingerprintscope: - version: -

Trust: 0.8

vendor:mecomodel:usb memory stickscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-08804 // JVNDB: JVNDB-2017-013061 // CNNVD: CNNVD-201711-012 // NVD: CVE-2017-16242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16242
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-16242
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08804
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-012
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-16242
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08804
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-16242
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08804 // JVNDB: JVNDB-2017-013061 // CNNVD: CNNVD-201711-012 // NVD: CVE-2017-16242

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-013061 // NVD: CVE-2017-16242

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-012

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-012

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013061

EXTERNAL IDS
db:NVDid:CVE-2017-16242
Trust: 3.0
db:JVNDBid:JVNDB-2017-013061
Trust: 0.8
db:CNVDid:CNVD-2018-08804
Trust: 0.6
db:CNNVDid:CNNVD-201711-012
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08804 // 
            
            
            
            JVNDB: JVNDB-2017-013061 // 
            
            
            
            CNNVD: CNNVD-201711-012 // 
            
            
            
            NVD: CVE-2017-16242

REFERENCES
url:https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335
Trust: 3.0
url:https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
Trust: 2.4
url:https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
Trust: 1.6
url:https://www.blackhat.com/docs/us-17/thursday/us-17-picod-attacking-encrypted-usb-keys-the-hard%28ware%29-way.pdf
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16242
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-16242
Trust: 0.8
url:https://www.blackhat.com/docs/us-17/thursday/us-17-picod-attacking-encrypted-usb-keys-the-hard(ware)-way.pdf
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08804 // 
            
            
            
            JVNDB: JVNDB-2017-013061 // 
            
            
            
            CNNVD: CNNVD-201711-012 // 
            
            
            
            NVD: CVE-2017-16242

SOURCES
db:CNVDid:CNVD-2018-08804
db:JVNDBid:JVNDB-2017-013061
db:CNNVDid:CNNVD-201711-012
db:NVDid:CVE-2017-16242

LAST UPDATE DATE
2024-11-23T22:06:58.315000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08804date:2018-05-03T00:00:00
db:JVNDBid:JVNDB-2017-013061date:2018-05-24T00:00:00
db:CNNVDid:CNNVD-201711-012date:2019-10-23T00:00:00
db:NVDid:CVE-2017-16242date:2024-11-21T03:16:06

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08804date:2018-05-03T00:00:00
db:JVNDBid:JVNDB-2017-013061date:2018-05-24T00:00:00
db:CNNVDid:CNNVD-201711-012date:2017-10-31T00:00:00
db:NVDid:CVE-2017-16242date:2018-03-22T15:29:00.277