Sign-up

ID

VAR-201908-1660


CVE

CVE-2018-20959


TITLE

Jura E8 Vulnerabilities related to security functions in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-015998

DESCRIPTION

Jura E8 devices lack Bluetooth connection security. Jura E8 The device contains vulnerabilities related to security functions.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. JURA E8 is a coffee machine produced by American JURA Company. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products

Trust: 1.71

sources: NVD: CVE-2018-20959 // JVNDB: JVNDB-2018-015998 // VULHUB: VHN-131817

AFFECTED PRODUCTS

vendor:juramodel:e8scope:eqversion: -

Trust: 1.0

vendor:juramodel:e8scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-015998 // NVD: CVE-2018-20959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20959
value: HIGH

Trust: 1.0

NVD: CVE-2018-20959
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-493
value: HIGH

Trust: 0.6

VULHUB: VHN-131817
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20959
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131817
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20959
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131817 // JVNDB: JVNDB-2018-015998 // CNNVD: CNNVD-201908-493 // NVD: CVE-2018-20959

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-131817 // JVNDB: JVNDB-2018-015998 // NVD: CVE-2018-20959

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-493

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-493

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015998

PATCH
title:E8url:https://www.brewmatic.co.jp/JURA/products/e8/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015998

EXTERNAL IDS
db:NVDid:CVE-2018-20959
Trust: 2.5
db:JVNDBid:JVNDB-2018-015998
Trust: 0.8
db:CNNVDid:CNNVD-201908-493
Trust: 0.7
db:VULHUBid:VHN-131817
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131817 // 
            
            
            
            JVNDB: JVNDB-2018-015998 // 
            
            
            
            CNNVD: CNNVD-201908-493 // 
            
            
            
            NVD: CVE-2018-20959

REFERENCES
url:https://www.pentestpartners.com/security-blog/hacking-the-nespresso-prodigio-and-jura-e8-coffee-machines/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-20959
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20959
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131817 // 
            
            
            
            JVNDB: JVNDB-2018-015998 // 
            
            
            
            CNNVD: CNNVD-201908-493 // 
            
            
            
            NVD: CVE-2018-20959

SOURCES
db:VULHUBid:VHN-131817
db:JVNDBid:JVNDB-2018-015998
db:CNNVDid:CNNVD-201908-493
db:NVDid:CVE-2018-20959

LAST UPDATE DATE
2024-11-23T22:51:40.883000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131817date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-015998date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-493date:2020-08-25T00:00:00
db:NVDid:CVE-2018-20959date:2024-11-21T04:02:33.990

SOURCES RELEASE DATE
db:VULHUBid:VHN-131817date:2019-08-07T00:00:00
db:JVNDBid:JVNDB-2018-015998date:2019-08-15T00:00:00
db:CNNVDid:CNNVD-201908-493date:2019-08-07T00:00:00
db:NVDid:CVE-2018-20959date:2019-08-07T13:15:13.437