ID

VAR-201910-0876


CVE

CVE-2019-17627


TITLE

Yale Bluetooth Key Authentication vulnerabilities in applications

Trust: 0.8

sources: JVNDB: JVNDB-2019-011040

DESCRIPTION

The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This affects the Yale ZEN-R lock and unspecified other locks. The Yale Bluetooth Key application contains authentication vulnerabilities. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2019-17627 // JVNDB: JVNDB-2019-011040

IOT TAXONOMY

category: ['home & office device'], sub_category: smart lock

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: yalehome, model: yale bluetooth key, scope: eq, version: -

Trust: 1.6

vendor: yale, model: bluetooth key, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011040 // CNNVD: CNNVD-201910-1160 // NVD: CVE-2019-17627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17627
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-17627
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1160
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-17627
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-17627
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-17627
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-011040 // CNNVD: CNNVD-201910-1160 // NVD: CVE-2019-17627

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-011040 // NVD: CVE-2019-17627

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201910-1160

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-1160

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011040

PATCH

title: Top Page, url: https://www.yalehome.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011040

EXTERNAL IDS

db: NVD, id: CVE-2019-17627

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011040

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1160

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-011040 // CNNVD: CNNVD-201910-1160 // NVD: CVE-2019-17627

REFERENCES

url:https://github.com/pwnmonkeylab/yaledoorlockvulnerability/blob/master/howtodo.md

Trust: 2.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17627

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-17627

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-011040 // CNNVD: CNNVD-201910-1160 // NVD: CVE-2019-17627

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2019-011040
db: CNNVD, id: CNNVD-201910-1160
db: NVD, id: CVE-2019-17627

LAST UPDATE DATE

2025-01-30T22:39:09.211000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-011040, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-1160, date: 2019-10-21T00:00:00
db: NVD, id: CVE-2019-17627, date: 2024-11-21T04:32:39.590

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-011040, date: 2019-10-28T00:00:00
db: CNNVD, id: CNNVD-201910-1160, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-17627, date: 2019-10-16T12:15:12.103