Sign-up

ID

VAR-201906-0444


CVE

CVE-2019-13055


TITLE

Logitech Unifying Device and K360 keyboard Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-006072

DESCRIPTION

Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard. Logitech Unifying Device and K360 keyboard Contains an information disclosure vulnerability.Information may be obtained. Logitech Unifying is a USB signal receiver from Logitech, Switzerland. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

Trust: 1.71

sources: NVD: CVE-2019-13055 // JVNDB: JVNDB-2019-006072 // VULHUB: VHN-144863

AFFECTED PRODUCTS

vendor:logitechmodel:k360scope:eqversion: -

Trust: 1.0

vendor:logitechmodel:unifying receiverscope:eqversion: -

Trust: 1.0

vendor:logitechmodel:k360scope: - version: -

Trust: 0.8

vendor:logitechmodel:unifying receiverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-006072 // NVD: CVE-2019-13055

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13055
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13055
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201906-1141
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144863
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-13055
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144863
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13055
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144863 // JVNDB: JVNDB-2019-006072 // CNNVD: CNNVD-201906-1141 // NVD: CVE-2019-13055

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-144863 // JVNDB: JVNDB-2019-006072 // NVD: CVE-2019-13055

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201906-1141

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201906-1141

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006072

PATCH
title:Wireless Keyboard K360rurl:https://www.logicool.co.jp/ja-jp/product/keyboard-k360r
Trust: 0.8
title:USB Unifying receiverurl:https://www.logicool.co.jp/ja-jp/product/unifying-receiver-usb
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006072

EXTERNAL IDS
db:NVDid:CVE-2019-13055
Trust: 2.5
db:JVNDBid:JVNDB-2019-006072
Trust: 0.8
db:CNNVDid:CNNVD-201906-1141
Trust: 0.7
db:VULHUBid:VHN-144863
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144863 // 
            
            
            
            JVNDB: JVNDB-2019-006072 // 
            
            
            
            CNNVD: CNNVD-201906-1141 // 
            
            
            
            NVD: CVE-2019-13055

REFERENCES
url:https://www.youtube.com/watch?v=5z_pez5pyea
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-13055
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13055
Trust: 0.8
sources:
            
            
            VULHUB: VHN-144863 // 
            
            
            
            JVNDB: JVNDB-2019-006072 // 
            
            
            
            CNNVD: CNNVD-201906-1141 // 
            
            
            
            NVD: CVE-2019-13055

SOURCES
db:VULHUBid:VHN-144863
db:JVNDBid:JVNDB-2019-006072
db:CNNVDid:CNNVD-201906-1141
db:NVDid:CVE-2019-13055

LAST UPDATE DATE
2024-11-23T21:52:11.190000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144863date:2019-07-08T00:00:00
db:JVNDBid:JVNDB-2019-006072date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-1141date:2019-07-10T00:00:00
db:NVDid:CVE-2019-13055date:2024-11-21T04:24:07.143

SOURCES RELEASE DATE
db:VULHUBid:VHN-144863date:2019-06-29T00:00:00
db:JVNDBid:JVNDB-2019-006072date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201906-1141date:2019-06-29T00:00:00
db:NVDid:CVE-2019-13055date:2019-06-29T20:15:09.387