ID

VAR-201905-0061


CVE

CVE-2019-9861


TITLE

Cryptographic vulnerabilities in the ABUS Secvest FUAA50000 wireless alarm system

Trust: 0.8

sources: JVNDB: JVNDB-2019-004631

DESCRIPTION

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. The ABUS Secvest FUAA50000 wireless alarm system contains cryptographic vulnerabilities. Information may be obtained and information may be altered. ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUS Secvest FUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content that is not properly encrypted or is weakly encrypted, and in plaintext storage of sensitive information.

Advisory ID: SYSS-2019-005
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-03-15
Solution Date: -
Public Disclosure: 2019-05-02
CVE Reference: CVE-2019-9861
Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

ABUS Secvest (FUAA50000) is a wireless alarm system with different features. The information stored on the used proximity keys can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools. All three RFID cloning attacks are demonstrated in our SySS proof-of-concept video "ABUS Secvest Proximity Key Cloning PoC Attack" [6].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

SySS GmbH is not aware of a solution for this reported security vulnerability.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-03-15: Vulnerability reported to manufacturer
2016-05-02: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for ABUS Secvest wireless alarm system
    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] Product website for ABUS proximity chip key
    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key
[3] MIFARE Classic Tool - MCT
    https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
[4] GitHub repository of ChameleonMini
    https://github.com/emsec/ChameleonMini
[5] OBO Hands RFID/NFC Reader/Writer
    https://www.amazon.de/dp/B07DHL9XQ4/
[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack
    https://youtu.be/sPyXTQXTEcQ
[7] SySS Security Advisory SYSS-2019-005
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt
[8] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg and Gerhard Klostermeier of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

E-Mail: gerhard.klostermeier (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Trust: 2.34

sources: NVD: CVE-2019-9861 // JVNDB: JVNDB-2019-004631 // CNVD: CNVD-2019-15916 // VULHUB: VHN-161296 // PACKETSTORM: 152714

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-15916

AFFECTED PRODUCTS

vendor: abus, model: secvest wireless alarm system fuaa50000, scope: eq, version: 3.01.01

Trust: 1.0

vendor: abus, model: secvest wireless alarm system fuaa50000, scope: -, version: -

Trust: 0.8

vendor: abus, model: secvest fuaa50000, scope: eq, version: 3.01.01

Trust: 0.6

sources: CNVD: CNVD-2019-15916 // JVNDB: JVNDB-2019-004631 // NVD: CVE-2019-9861

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-9861
value: HIGH

Trust: 1.0

NVD: CVE-2019-9861
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-15916
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-099
value: MEDIUM

Trust: 0.6

VULHUB: VHN-161296
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-9861
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-15916
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-161296
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-9861
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-15916 // VULHUB: VHN-161296 // JVNDB: JVNDB-2019-004631 // CNNVD: CNNVD-201905-099 // NVD: CVE-2019-9861

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-161296 // JVNDB: JVNDB-2019-004631 // NVD: CVE-2019-9861

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-099

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-099

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004631

PATCH

title: Top Page, url: https://www.abus.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004631

EXTERNAL IDS

db: NVD, id: CVE-2019-9861

Trust: 3.2

db: PACKETSTORM, id: 152714

Trust: 2.4

db: JVNDB, id: JVNDB-2019-004631

Trust: 0.8

db: CNNVD, id: CNNVD-201905-099

Trust: 0.7

db: CNVD, id: CNVD-2019-15916

Trust: 0.6

db: VULHUB, id: VHN-161296

Trust: 0.1

sources: CNVD: CNVD-2019-15916 // VULHUB: VHN-161296 // JVNDB: JVNDB-2019-004631 // PACKETSTORM: 152714 // CNNVD: CNNVD-201905-099 // NVD: CVE-2019-9861

REFERENCES

url:http://packetstormsecurity.com/files/152714/abus-secvest-3.01.01-cryptographic-issues.html

Trust: 2.9

url:https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-005.txt

Trust: 2.6

url:https://seclists.org/bugtraq/2019/may/1

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/may/3

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-9861

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9861

Trust: 0.8

url:http://creativecommons.org/licenses/by/3.0/deed.en

Trust: 0.1

url:https://www.amazon.de/dp/b07dhl9xq4/

Trust: 0.1

url:https://github.com/emsec/chameleonmini

Trust: 0.1

url:https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/proximity-chip-key

Trust: 0.1

url:https://www.syss.de/en/news/responsible-disclosure-policy/

Trust: 0.1

url:https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc

Trust: 0.1

url:https://youtu.be/spyxtqxtecq

Trust: 0.1

url:https://www.syss.de/fileadmin/dokumente/pgpkeys/gerhard_klostermeier.asc

Trust: 0.1

url:https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system

Trust: 0.1

url:https://play.google.com/store/apps/details?id=de.syss.mifareclassictool

Trust: 0.1

sources: CNVD: CNVD-2019-15916 // VULHUB: VHN-161296 // JVNDB: JVNDB-2019-004631 // PACKETSTORM: 152714 // CNNVD: CNNVD-201905-099 // NVD: CVE-2019-9861

CREDITS

Matthias Deeg

Trust: 0.6

sources: CNNVD: CNNVD-201905-099

SOURCES

db: CNVD, id: CNVD-2019-15916
db: VULHUB, id: VHN-161296
db: JVNDB, id: JVNDB-2019-004631
db: PACKETSTORM, id: 152714
db: CNNVD, id: CNNVD-201905-099
db: NVD, id: CVE-2019-9861

LAST UPDATE DATE

2024-11-23T22:41:30.560000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-15916, date: 2019-06-19T00:00:00
db: VULHUB, id: VHN-161296, date: 2019-05-17T00:00:00
db: JVNDB, id: JVNDB-2019-004631, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-099, date: 2019-05-24T00:00:00
db: NVD, id: CVE-2019-9861, date: 2024-11-21T04:52:27.510

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-15916, date: 2019-05-30T00:00:00
db: VULHUB, id: VHN-161296, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004631, date: 2019-06-05T00:00:00
db: PACKETSTORM, id: 152714, date: 2019-05-02T23:02:22
db: CNNVD, id: CNNVD-201905-099, date: 2019-05-02T00:00:00
db: NVD, id: CVE-2019-9861, date: 2019-05-14T17:29:08.397