Sign-up

ID

VAR-201804-1515


CVE

CVE-2018-8117


TITLE

Microsoft Wireless Keyboard 850 Vulnerabilities that bypass security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-003532

DESCRIPTION

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Trust: 1.98

sources: NVD: CVE-2018-8117 // JVNDB: JVNDB-2018-003532 // BID: 103711 // VULHUB: VHN-138149

AFFECTED PRODUCTS

vendor:microsoftmodel:wireless keyboard 850scope:eqversion: -

Trust: 1.6

vendor:microsoftmodel:wireless keyboard 850scope: - version: -

Trust: 0.8

vendor:microsoftmodel:wireless keyboardscope:eqversion:8500

Trust: 0.3

sources: BID: 103711 // JVNDB: JVNDB-2018-003532 // CNNVD: CNNVD-201804-619 // NVD: CVE-2018-8117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8117
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-8117
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-619
value: MEDIUM

Trust: 0.6

VULHUB: VHN-138149
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-8117
severity: HIGH
baseScore: 7.3
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138149
severity: HIGH
baseScore: 7.3
vectorString: AV:A/AC:M/AU:N/C:C/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8117
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138149 // JVNDB: JVNDB-2018-003532 // CNNVD: CNNVD-201804-619 // NVD: CVE-2018-8117

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-138149 // JVNDB: JVNDB-2018-003532 // NVD: CVE-2018-8117

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201804-619

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201804-619

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003532

PATCH
title:CVE-2018-8117 | Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117
Trust: 0.8
title:CVE-2018-8117 | Microsoft Wireless Keyboard 850 のセキュリティ機能のバイパスの脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8117
Trust: 0.8
title:Microsoft Wireless Keyboard 850 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83360
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-003532 // 
            
            
            
            CNNVD: CNNVD-201804-619

EXTERNAL IDS
db:NVDid:CVE-2018-8117
Trust: 2.8
db:BIDid:103711
Trust: 2.0
db:JVNDBid:JVNDB-2018-003532
Trust: 0.8
db:CNNVDid:CNNVD-201804-619
Trust: 0.6
db:VULHUBid:VHN-138149
Trust: 0.1
sources:
            
            
            VULHUB: VHN-138149 // 
            
            
            
            BID: 103711 // 
            
            
            
            JVNDB: JVNDB-2018-003532 // 
            
            
            
            CNNVD: CNNVD-201804-619 // 
            
            
            
            NVD: CVE-2018-8117

REFERENCES
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8117
Trust: 2.0
url:http://www.securityfocus.com/bid/103711
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8117
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20180411-ms.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2018/at180016.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8117
Trust: 0.8
url:http://www.microsoft.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-138149 // 
            
            
            
            BID: 103711 // 
            
            
            
            JVNDB: JVNDB-2018-003532 // 
            
            
            
            CNNVD: CNNVD-201804-619 // 
            
            
            
            NVD: CVE-2018-8117

CREDITS
Microsoft
Trust: 0.3
sources:
            
            
            BID: 103711

SOURCES
db:VULHUBid:VHN-138149
db:BIDid:103711
db:JVNDBid:JVNDB-2018-003532
db:CNNVDid:CNNVD-201804-619
db:NVDid:CVE-2018-8117

LAST UPDATE DATE
2024-11-23T22:26:24.710000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-138149date:2019-10-03T00:00:00
db:BIDid:103711date:2018-04-10T00:00:00
db:JVNDBid:JVNDB-2018-003532date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201804-619date:2019-10-23T00:00:00
db:NVDid:CVE-2018-8117date:2024-11-21T04:13:17.787

SOURCES RELEASE DATE
db:VULHUBid:VHN-138149date:2018-04-12T00:00:00
db:BIDid:103711date:2018-04-10T00:00:00
db:JVNDBid:JVNDB-2018-003532date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201804-619date:2018-04-11T00:00:00
db:NVDid:CVE-2018-8117date:2018-04-12T01:29:11.923