ID

VAR-201909-1013


CVE

CVE-2019-14261


TITLE

ABUS Secvest FUAA50000 Cryptographic vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-008882

DESCRIPTION

An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of an RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion.

ABUS Secvest FUAA50000 devices contain cryptographic vulnerabilities. Information may be tampered with.

ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. A security vulnerability exists in ABUS Secvest FUAA50000. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.

Advisory ID: SYSS-2019-004
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Message Transmission - Unchecked Error Condition (CWE-391)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-02
Solution Date: -
Public Disclosure: 2019-07-26
CVE Reference: CVE-2019-14261
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

ABUS Secvest (FUAA50000) is a wireless alarm system with different features.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows suppressing arming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

SySS GmbH is not aware of a solution for this reported security vulnerability.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2019-03-02: Vulnerability reported to manufacturer
2019-07-26: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for ABUS Secvest wireless alarm system
    https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2019-004
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Thomas Detert. Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.

E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Trust: 2.34

sources: NVD: CVE-2019-14261 // JVNDB: JVNDB-2019-008882 // CNVD: CNVD-2019-29126 // VULHUB: VHN-146190 // PACKETSTORM: 153780

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-29126

AFFECTED PRODUCTS

vendor: abus, model: secvest wireless alarm system fuaa50000, scope: eq, version: 3.01.01

Trust: 1.8

vendor: abus, model: secvest fuaa50000, scope: eq, version: v3.01.01

Trust: 0.6

sources: CNVD: CNVD-2019-29126 // JVNDB: JVNDB-2019-008882 // NVD: CVE-2019-14261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14261
value: HIGH

Trust: 1.0

NVD: CVE-2019-14261
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-29126
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-1412
value: HIGH

Trust: 0.6

VULHUB: VHN-146190
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14261
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-29126
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-146190
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14261
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-29126 // VULHUB: VHN-146190 // JVNDB: JVNDB-2019-008882 // CNNVD: CNNVD-201907-1412 // NVD: CVE-2019-14261

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-146190 // JVNDB: JVNDB-2019-008882 // NVD: CVE-2019-14261

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 153780 // CNNVD: CNNVD-201907-1412

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-1412

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008882

PATCH

title: Top Page, url: https://www.abus.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-008882

EXTERNAL IDS

db: NVD, id: CVE-2019-14261

Trust: 3.2

db: PACKETSTORM, id: 153780

Trust: 1.8

db: JVNDB, id: JVNDB-2019-008882

Trust: 0.8

db: CNNVD, id: CNNVD-201907-1412

Trust: 0.7

db: CNVD, id: CNVD-2019-29126

Trust: 0.6

db: VULHUB, id: VHN-146190

Trust: 0.1

sources: CNVD: CNVD-2019-29126 // VULHUB: VHN-146190 // JVNDB: JVNDB-2019-008882 // PACKETSTORM: 153780 // CNNVD: CNNVD-201907-1412 // NVD: CVE-2019-14261

REFERENCES

url:https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-004.txt

Trust: 2.6

url:https://seclists.org/bugtraq/2019/jul/52

Trust: 1.7

url:http://seclists.org/fulldisclosure/2019/jul/30

Trust: 1.7

url:http://packetstormsecurity.com/files/153780/abus-secvest-3.01.01-unchecked-message-transmission-error-condition.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14261

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14261

Trust: 0.8

url:http://seclists.org/fulldisclosure/2019/jul/36

Trust: 0.6

url:http://creativecommons.org/licenses/by/3.0/deed.en

Trust: 0.1

url:https://www.syss.de/en/news/responsible-disclosure-policy/

Trust: 0.1

url:https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc

Trust: 0.1

url:https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system

Trust: 0.1

sources: CNVD: CNVD-2019-29126 // VULHUB: VHN-146190 // JVNDB: JVNDB-2019-008882 // PACKETSTORM: 153780 // CNNVD: CNNVD-201907-1412 // NVD: CVE-2019-14261

CREDITS

Matthias Deeg

Trust: 0.6

sources: CNNVD: CNNVD-201907-1412

SOURCES

db: CNVD, id: CNVD-2019-29126
db: VULHUB, id: VHN-146190
db: JVNDB, id: JVNDB-2019-008882
db: PACKETSTORM, id: 153780
db: CNNVD, id: CNNVD-201907-1412
db: NVD, id: CVE-2019-14261

LAST UPDATE DATE

2024-11-23T22:06:00.082000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-29126, date: 2019-08-28T00:00:00
db: VULHUB, id: VHN-146190, date: 2019-09-05T00:00:00
db: JVNDB, id: JVNDB-2019-008882, date: 2019-09-09T00:00:00
db: CNNVD, id: CNNVD-201907-1412, date: 2019-09-06T00:00:00
db: NVD, id: CVE-2019-14261, date: 2024-11-21T04:26:19.270

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-29126, date: 2019-08-28T00:00:00
db: VULHUB, id: VHN-146190, date: 2019-09-03T00:00:00
db: JVNDB, id: JVNDB-2019-008882, date: 2019-09-09T00:00:00
db: PACKETSTORM, id: 153780, date: 2019-07-27T17:38:08
db: CNNVD, id: CNNVD-201907-1412, date: 2019-07-27T00:00:00
db: NVD, id: CVE-2019-14261, date: 2019-09-03T18:15:12.327