Details of VAR-201903-0241

ID

VAR-201903-0241

CVE

CVE-2019-9835

TITLE

Fujitsu Wireless Keyboard Set LX901 Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-002621

DESCRIPTION

The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. Fujitsu Wireless Keyboard Set LX901 The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fujitsu Wireless Keyboard Set LX901 is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow an attacker to perform replay attacks. This may lead to other attacks. receiver is its receiver component. An attacker could exploit this vulnerability to inject keystrokes

Trust: 2.07

sources: NVD: CVE-2019-9835 // JVNDB: JVNDB-2019-002621 // BID: 107440 // VULHUB: VHN-161270 // VULMON: CVE-2019-9835

AFFECTED PRODUCTS

vendor:	fujitsu	model:	lx901	scope:	eq	version:	-	Trust: 1.0
vendor:	fujitsu	model:	gk900	scope:	eq	version:	-	Trust: 1.0
vendor:	fujitsu	model:	wireless keyboard lx901	scope:	eq	version:	gk900	Trust: 0.8
vendor:	fujitsu	model:	wireless keyboard set lx901 gk900	scope:	-	version:	-	Trust: 0.3

sources: BID: 107440 // JVNDB: JVNDB-2019-002621 // NVD: CVE-2019-9835

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9835
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-9835
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201903-594
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-161270
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-9835
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-9835
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-161270
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9835
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-161270 // VULMON: CVE-2019-9835 // JVNDB: JVNDB-2019-002621 // CNNVD: CNNVD-201903-594 // NVD: CVE-2019-9835

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-161270 // JVNDB: JVNDB-2019-002621 // NVD: CVE-2019-9835

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201903-594

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-594

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002621

PATCH

title:

Top Page

url:

https://www.fujitsu.com/emeia/

Trust: 0.8

sources: JVNDB: JVNDB-2019-002621

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9835	Trust: 2.9
db:	BID	id:	107440	Trust: 2.1
db:	JVNDB	id:	JVNDB-2019-002621	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-594	Trust: 0.7
db:	VULHUB	id:	VHN-161270	Trust: 0.1
db:	VULMON	id:	CVE-2019-9835	Trust: 0.1

sources: VULHUB: VHN-161270 // VULMON: CVE-2019-9835 // BID: 107440 // JVNDB: JVNDB-2019-002621 // CNNVD: CNNVD-201903-594 // NVD: CVE-2019-9835

REFERENCES

url:	https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-033.txt	Trust: 2.9
url:	http://www.securityfocus.com/bid/107440	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9835	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9835	Trust: 0.8
url:	http://www.fujitsu.com/fts/products/computing/peripheral/accessories/input-devices/keyboards/wl-keyboard-lx901.html	Trust: 0.3
url:	https://seclists.org/bugtraq/2019/mar/19	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-161270 // VULMON: CVE-2019-9835 // BID: 107440 // JVNDB: JVNDB-2019-002621 // CNNVD: CNNVD-201903-594 // NVD: CVE-2019-9835

CREDITS

Matthias Deeg from SySS GmbH.

Trust: 0.9

sources: BID: 107440 // CNNVD: CNNVD-201903-594

SOURCES

db:	VULHUB	id:	VHN-161270
db:	VULMON	id:	CVE-2019-9835
db:	BID	id:	107440
db:	JVNDB	id:	JVNDB-2019-002621
db:	CNNVD	id:	CNNVD-201903-594
db:	NVD	id:	CVE-2019-9835

LAST UPDATE DATE

2024-11-23T22:30:08.106000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161270	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-9835	date:	2020-08-24T00:00:00
db:	BID	id:	107440	date:	2019-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-002621	date:	2019-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201903-594	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-9835	date:	2024-11-21T04:52:24.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161270	date:	2019-03-15T00:00:00
db:	VULMON	id:	CVE-2019-9835	date:	2019-03-15T00:00:00
db:	BID	id:	107440	date:	2019-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-002621	date:	2019-04-16T00:00:00
db:	CNNVD	id:	CNNVD-201903-594	date:	2019-03-15T00:00:00
db:	NVD	id:	CVE-2019-9835	date:	2019-03-15T18:29:00.750