Sign-up

ID

VAR-201805-0840


CVE

CVE-2018-11402


TITLE

SimpliSafe Original Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-005273

DESCRIPTION

SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. SimpliSafe Original Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. There is a security flaw in SimpliSafe Original, which stems from not encrypting the transmission. An attacker in close physical proximity could exploit this vulnerability to obtain a PIN

Trust: 1.71

sources: NVD: CVE-2018-11402 // JVNDB: JVNDB-2018-005273 // VULHUB: VHN-121258

AFFECTED PRODUCTS

vendor:simplisafemodel:u9k-kp1000scope:eqversion: -

Trust: 1.6

vendor:simplisafemodel:u9k-kp1000scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-005273 // CNNVD: CNNVD-201805-842 // NVD: CVE-2018-11402

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11402
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-11402
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-842
value: MEDIUM

Trust: 0.6

VULHUB: VHN-121258
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-11402
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-121258
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11402
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121258 // JVNDB: JVNDB-2018-005273 // CNNVD: CNNVD-201805-842 // NVD: CVE-2018-11402

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-121258 // JVNDB: JVNDB-2018-005273 // NVD: CVE-2018-11402

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-842

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-842

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005273

PATCH
title:Top Pageurl:https://simplisafe.com/home-security-shop-simplisafe-original
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005273

EXTERNAL IDS
db:NVDid:CVE-2018-11402
Trust: 2.5
db:JVNDBid:JVNDB-2018-005273
Trust: 0.8
db:CNNVDid:CNNVD-201805-842
Trust: 0.6
db:VULHUBid:VHN-121258
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121258 // 
            
            
            
            JVNDB: JVNDB-2018-005273 // 
            
            
            
            CNNVD: CNNVD-201805-842 // 
            
            
            
            NVD: CVE-2018-11402

REFERENCES
url:https://www.simpleorsecure.net/simplisafe-security-advisory/
Trust: 2.5
url:https://simplisafe.com/files/pdf/simplisafe_advisory_8-17-18.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11402
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11402
Trust: 0.8
sources:
            
            
            VULHUB: VHN-121258 // 
            
            
            
            JVNDB: JVNDB-2018-005273 // 
            
            
            
            CNNVD: CNNVD-201805-842 // 
            
            
            
            NVD: CVE-2018-11402

SOURCES
db:VULHUBid:VHN-121258
db:JVNDBid:JVNDB-2018-005273
db:CNNVDid:CNNVD-201805-842
db:NVDid:CVE-2018-11402

LAST UPDATE DATE
2024-11-23T22:17:29.837000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121258date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-005273date:2018-07-11T00:00:00
db:CNNVDid:CNNVD-201805-842date:2019-10-23T00:00:00
db:NVDid:CVE-2018-11402date:2024-11-21T03:43:17.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-121258date:2018-05-24T00:00:00
db:JVNDBid:JVNDB-2018-005273date:2018-07-11T00:00:00
db:CNNVDid:CNNVD-201805-842date:2018-05-25T00:00:00
db:NVDid:CVE-2018-11402date:2018-05-24T05:29:00.397