Sign-up

ID

VAR-201907-1044


CVE

CVE-2017-11579


TITLE

Blipcare Wireless Blood pressure monitor Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-014574

DESCRIPTION

In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is in vicinity of Wireless signal generated by the Blipcare device to easily sniff the credentials. Also, an attacker can connect to the open wireless network "Blip" exposed by the device and modify the HTTP response presented to the user by the device to execute other attacks such as convincing the user to download and execute a malicious binary that would infect a user's computer or mobile device with malware. There is a security flaw in the Blipcare device. Remote attackers can use this vulnerability to sniff credentials, modify HTTP responses, and perform other attacks (for example, tricking users into downloading and executing malicious binary files)

Trust: 1.8

sources: NVD: CVE-2017-11579 // JVNDB: JVNDB-2017-014574 // VULHUB: VHN-102015 // VULMON: CVE-2017-11579

AFFECTED PRODUCTS

vendor:blipcaremodel:wi-fi blood pressure monitorscope:lteversion:bp700_10.1

Trust: 1.0

vendor:blipcaremodel:wifi blood pressure monitorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-014574 // NVD: CVE-2017-11579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-11579
value: HIGH

Trust: 1.0

NVD: CVE-2017-11579
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201707-1027
value: HIGH

Trust: 0.6

VULHUB: VHN-102015
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-11579
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-11579
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-102015
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-11579
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102015 // VULMON: CVE-2017-11579 // JVNDB: JVNDB-2017-014574 // CNNVD: CNNVD-201707-1027 // NVD: CVE-2017-11579

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

sources: VULHUB: VHN-102015 // JVNDB: JVNDB-2017-014574 // NVD: CVE-2017-11579

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201707-1027

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-1027

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014574

PATCH
title:Wi-Fi Blood Pressure Monitorurl:http://www.blipcare.com/blip-bp.html
Trust: 0.8
title:Blipcare Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94345
Trust: 0.6
title:IoT_vulnerabilitiesurl:https://github.com/ethanhunnt/IoT_vulnerabilities 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-11579 // 
            
            
            
            JVNDB: JVNDB-2017-014574 // 
            
            
            
            CNNVD: CNNVD-201707-1027

EXTERNAL IDS
db:NVDid:CVE-2017-11579
Trust: 2.7
db:PACKETSTORMid:153225
Trust: 1.9
db:JVNDBid:JVNDB-2017-014574
Trust: 0.8
db:CNNVDid:CNNVD-201707-1027
Trust: 0.7
db:VULHUBid:VHN-102015
Trust: 0.1
db:VULMONid:CVE-2017-11579
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102015 // 
            
            
            
            VULMON: CVE-2017-11579 // 
            
            
            
            JVNDB: JVNDB-2017-014574 // 
            
            
            
            PACKETSTORM: 153225 // 
            
            
            
            CNNVD: CNNVD-201707-1027 // 
            
            
            
            NVD: CVE-2017-11579

REFERENCES
url:https://github.com/ethanhunnt/iot_vulnerabilities/blob/master/blipcare_sec_issues.pdf
Trust: 2.6
url:https://seclists.org/bugtraq/2019/jun/8
Trust: 1.8
url:http://packetstormsecurity.com/files/153225/blipcare-clear-text-communication-memory-corruption.html
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-11579
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11579
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/254.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ethanhunnt/iot_vulnerabilities
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-11580
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2017-11578
Trust: 0.1
sources:
            
            
            VULHUB: VHN-102015 // 
            
            
            
            VULMON: CVE-2017-11579 // 
            
            
            
            JVNDB: JVNDB-2017-014574 // 
            
            
            
            PACKETSTORM: 153225 // 
            
            
            
            CNNVD: CNNVD-201707-1027 // 
            
            
            
            NVD: CVE-2017-11579

CREDITS
Mandar Satam
Trust: 0.1
sources:
            
            
            PACKETSTORM: 153225

SOURCES
db:VULHUBid:VHN-102015
db:VULMONid:CVE-2017-11579
db:JVNDBid:JVNDB-2017-014574
db:PACKETSTORMid:153225
db:CNNVDid:CNNVD-201707-1027
db:NVDid:CVE-2017-11579

LAST UPDATE DATE
2024-11-23T22:16:57.059000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-102015date:2019-07-15T00:00:00
db:VULMONid:CVE-2017-11579date:2019-07-15T00:00:00
db:JVNDBid:JVNDB-2017-014574date:2019-07-17T00:00:00
db:CNNVDid:CNNVD-201707-1027date:2019-07-16T00:00:00
db:NVDid:CVE-2017-11579date:2024-11-21T03:08:04.190

SOURCES RELEASE DATE
db:VULHUBid:VHN-102015date:2019-07-02T00:00:00
db:VULMONid:CVE-2017-11579date:2019-07-02T00:00:00
db:JVNDBid:JVNDB-2017-014574date:2019-07-17T00:00:00
db:PACKETSTORMid:153225date:2019-06-07T15:06:02
db:CNNVDid:CNNVD-201707-1027date:2017-07-24T00:00:00
db:NVDid:CVE-2017-11579date:2019-07-02T21:15:09.930