Sign-up

ID

VAR-201906-0441


CVE

CVE-2019-13052


TITLE

Logitech Unifying Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-006069

DESCRIPTION

Logitech Unifying devices allow live decryption if the pairing of a keyboard to a receiver is sniffed. Logitech Unifying The device contains an information disclosure vulnerability.Information may be obtained. Logitech Unifying is a USB signal receiver from Logitech, Switzerland. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.8

sources: NVD: CVE-2019-13052 // JVNDB: JVNDB-2019-006069 // VULHUB: VHN-144860 // VULMON: CVE-2019-13052

AFFECTED PRODUCTS

vendor:logitechmodel:unifying receiverscope:eqversion: -

Trust: 1.0

vendor:logitechmodel:unifying receiverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006069 // NVD: CVE-2019-13052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13052
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13052
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-1138
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144860
value: LOW

Trust: 0.1

VULMON: CVE-2019-13052
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-13052
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144860
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13052
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144860 // VULMON: CVE-2019-13052 // JVNDB: JVNDB-2019-006069 // CNNVD: CNNVD-201906-1138 // NVD: CVE-2019-13052

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-144860 // JVNDB: JVNDB-2019-006069 // NVD: CVE-2019-13052

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-1138

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-1138

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006069

PATCH
title:USB Unifying receiverurl:https://www.logicool.co.jp/ja-jp/product/unifying-receiver-usb
Trust: 0.8
title:LOGITackerurl:https://github.com/mame82/LOGITacker 
Trust: 0.1
title:munifying_pre_releaseurl:https://github.com/mame82/munifying_pre_release 
Trust: 0.1
title:munifyingurl:https://github.com/mame82/munifying 
Trust: 0.1
title:LOGITackerurl:https://github.com/RoganDawes/LOGITacker 
Trust: 0.1
title:LOGITackerurl:https://github.com/FMehault/LOGITacker 
Trust: 0.1
title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-13052 // 
            
            
            
            JVNDB: JVNDB-2019-006069

EXTERNAL IDS
db:NVDid:CVE-2019-13052
Trust: 2.6
db:JVNDBid:JVNDB-2019-006069
Trust: 0.8
db:CNNVDid:CNNVD-201906-1138
Trust: 0.7
db:VULHUBid:VHN-144860
Trust: 0.1
db:VULMONid:CVE-2019-13052
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144860 // 
            
            
            
            VULMON: CVE-2019-13052 // 
            
            
            
            JVNDB: JVNDB-2019-006069 // 
            
            
            
            CNNVD: CNNVD-201906-1138 // 
            
            
            
            NVD: CVE-2019-13052

REFERENCES
url:https://www.youtube.com/watch?v=grj7i2j_y80
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-13052
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13052
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/mame82/logitacker
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144860 // 
            
            
            
            VULMON: CVE-2019-13052 // 
            
            
            
            JVNDB: JVNDB-2019-006069 // 
            
            
            
            CNNVD: CNNVD-201906-1138 // 
            
            
            
            NVD: CVE-2019-13052

SOURCES
db:VULHUBid:VHN-144860
db:VULMONid:CVE-2019-13052
db:JVNDBid:JVNDB-2019-006069
db:CNNVDid:CNNVD-201906-1138
db:NVDid:CVE-2019-13052

LAST UPDATE DATE
2024-11-23T22:16:58.928000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144860date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-13052date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006069date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-1138date:2020-10-28T00:00:00
db:NVDid:CVE-2019-13052date:2024-11-21T04:24:06.717

SOURCES RELEASE DATE
db:VULHUBid:VHN-144860date:2019-06-29T00:00:00
db:VULMONid:CVE-2019-13052date:2019-06-29T00:00:00
db:JVNDBid:JVNDB-2019-006069date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-1138date:2019-06-29T00:00:00
db:NVDid:CVE-2019-13052date:2019-06-29T20:15:09.230