Sign-up

ID

VAR-201908-0924


CVE

CVE-2019-14359


TITLE

BC Vault Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-27429 // CNNVD: CNNVD-201908-712

DESCRIPTION

On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover a data value. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that there is no security impact: the only potentially leaked information is the number of characters in the PIN. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2019-14359Information may be obtained. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.34

sources: NVD: CVE-2019-14359 // JVNDB: JVNDB-2019-008036 // CNVD: CNVD-2019-27429 // VULHUB: VHN-146297 // VULMON: CVE-2019-14359

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-27429

AFFECTED PRODUCTS

vendor:real secmodel:bc vaultscope:eqversion: -

Trust: 1.0

vendor:real security d o omodel:bc vaultscope: - version: -

Trust: 0.8

vendor:bcmodel:vault bc vaultscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-27429 // JVNDB: JVNDB-2019-008036 // NVD: CVE-2019-14359

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14359
value: LOW

Trust: 1.0

NVD: CVE-2019-14359
value: LOW

Trust: 0.8

CNVD: CNVD-2019-27429
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-712
value: LOW

Trust: 0.6

VULHUB: VHN-146297
value: LOW

Trust: 0.1

VULMON: CVE-2019-14359
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-14359
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-27429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-146297
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14359
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-27429 // VULHUB: VHN-146297 // VULMON: CVE-2019-14359 // JVNDB: JVNDB-2019-008036 // CNNVD: CNNVD-201908-712 // NVD: CVE-2019-14359

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-146297 // JVNDB: JVNDB-2019-008036 // NVD: CVE-2019-14359

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-712

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008036

PATCH
title:Our Response to CVE - 2019 - 14359url:https://bc-vault.com/2019/08/our-response-to-cve-2019-14359
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008036

EXTERNAL IDS
db:NVDid:CVE-2019-14359
Trust: 3.2
db:JVNDBid:JVNDB-2019-008036
Trust: 0.8
db:CNNVDid:CNNVD-201908-712
Trust: 0.7
db:CNVDid:CNVD-2019-27429
Trust: 0.6
db:VULHUBid:VHN-146297
Trust: 0.1
db:VULMONid:CVE-2019-14359
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-27429 // 
            
            
            
            VULHUB: VHN-146297 // 
            
            
            
            VULMON: CVE-2019-14359 // 
            
            
            
            JVNDB: JVNDB-2019-008036 // 
            
            
            
            CNNVD: CNNVD-201908-712 // 
            
            
            
            NVD: CVE-2019-14359

REFERENCES
url:https://bc-vault.com/2019/08/our-response-to-cve-2019-14359
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-14359
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14359
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/203.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-27429 // 
            
            
            
            VULHUB: VHN-146297 // 
            
            
            
            VULMON: CVE-2019-14359 // 
            
            
            
            JVNDB: JVNDB-2019-008036 // 
            
            
            
            CNNVD: CNNVD-201908-712 // 
            
            
            
            NVD: CVE-2019-14359

SOURCES
db:CNVDid:CNVD-2019-27429
db:VULHUBid:VHN-146297
db:VULMONid:CVE-2019-14359
db:JVNDBid:JVNDB-2019-008036
db:CNNVDid:CNNVD-201908-712
db:NVDid:CVE-2019-14359

LAST UPDATE DATE
2024-11-23T22:48:20.070000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-27429date:2019-08-15T00:00:00
db:VULHUBid:VHN-146297date:2019-08-21T00:00:00
db:VULMONid:CVE-2019-14359date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-008036date:2019-08-23T00:00:00
db:CNNVDid:CNNVD-201908-712date:2019-08-23T00:00:00
db:NVDid:CVE-2019-14359date:2024-11-21T04:26:35.257

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-27429date:2019-08-15T00:00:00
db:VULHUBid:VHN-146297date:2019-08-12T00:00:00
db:VULMONid:CVE-2019-14359date:2019-08-12T00:00:00
db:JVNDBid:JVNDB-2019-008036date:2019-08-23T00:00:00
db:CNNVDid:CNNVD-201908-712date:2019-08-12T00:00:00
db:NVDid:CVE-2019-14359date:2019-08-12T23:15:11.397