Sign-up

ID

VAR-201906-0442


CVE

CVE-2019-13053


TITLE

Logitech Unifying Device injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006070

DESCRIPTION

Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761. This vulnerability CVE-2016-10761 This vulnerability is due to an incomplete fix.Information may be tampered with. Logitech Unifying is a USB signal receiver from Logitech, Switzerland. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting

Trust: 1.71

sources: NVD: CVE-2019-13053 // JVNDB: JVNDB-2019-006070 // VULHUB: VHN-144861

AFFECTED PRODUCTS

vendor:logitechmodel:unifying receiverscope:eqversion: -

Trust: 1.0

vendor:logitechmodel:unifying receiverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006070 // NVD: CVE-2019-13053

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13053
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13053
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-1142
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144861
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-13053
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144861
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13053
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144861 // JVNDB: JVNDB-2019-006070 // CNNVD: CNNVD-201906-1142 // NVD: CVE-2019-13053

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-144861 // JVNDB: JVNDB-2019-006070 // NVD: CVE-2019-13053

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-1142

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-1142

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006070

PATCH
title:USB Unifying receiverurl:https://www.logicool.co.jp/ja-jp/product/unifying-receiver-usb
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006070

EXTERNAL IDS
db:NVDid:CVE-2019-13053
Trust: 2.5
db:JVNDBid:JVNDB-2019-006070
Trust: 0.8
db:CNNVDid:CNNVD-201906-1142
Trust: 0.7
db:VULHUBid:VHN-144861
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144861 // 
            
            
            
            JVNDB: JVNDB-2019-006070 // 
            
            
            
            CNNVD: CNNVD-201906-1142 // 
            
            
            
            NVD: CVE-2019-13053

REFERENCES
url:https://www.youtube.com/watch?v=eksyco0dzys
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-13053
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13053
Trust: 0.8
sources:
            
            
            VULHUB: VHN-144861 // 
            
            
            
            JVNDB: JVNDB-2019-006070 // 
            
            
            
            CNNVD: CNNVD-201906-1142 // 
            
            
            
            NVD: CVE-2019-13053

SOURCES
db:VULHUBid:VHN-144861
db:JVNDBid:JVNDB-2019-006070
db:CNNVDid:CNNVD-201906-1142
db:NVDid:CVE-2019-13053

LAST UPDATE DATE
2024-11-23T23:01:49.240000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144861date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006070date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-1142date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13053date:2024-11-21T04:24:06.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-144861date:2019-06-29T00:00:00
db:JVNDBid:JVNDB-2019-006070date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-1142date:2019-06-29T00:00:00
db:NVDid:CVE-2019-13053date:2019-06-29T20:15:09.277