ID

VAR-201911-0619


CVE

CVE-2019-18659


TITLE

Wireless Emergency Alert Vulnerabilities related to the use of cryptographic algorithms in protocols

Trust: 0.8

sources: JVNDB: JVNDB-2019-011521

DESCRIPTION

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.

Trust: 1.71

sources: NVD: CVE-2019-18659 // JVNDB: JVNDB-2019-011521 // VULHUB: VHN-151027

AFFECTED PRODUCTS

vendor: ready, model: wireless emergency alerts, scope: eq, version: -

Trust: 1.6

vendor: ready, model: wireless emergency alerts, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-011521 // CNNVD: CNNVD-201911-036 // NVD: CVE-2019-18659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18659
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18659
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-036
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151027
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18659
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-151027
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18659
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-18659
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-151027 // JVNDB: JVNDB-2019-011521 // CNNVD: CNNVD-201911-036 // NVD: CVE-2019-18659

PROBLEMTYPE DATA

problemtype: CWE-290

Trust: 1.0

problemtype: CWE-327

Trust: 0.9

sources: VULHUB: VHN-151027 // JVNDB: JVNDB-2019-011521 // NVD: CVE-2019-18659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-036

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011521

PATCH

title: Emergency Alerts, url: https://www.ready.gov/ja/node/5608

Trust: 0.8

sources: JVNDB: JVNDB-2019-011521

EXTERNAL IDS

db: NVD, id: CVE-2019-18659

Trust: 2.5

db: JVNDB, id: JVNDB-2019-011521

Trust: 0.8

db: CNNVD, id: CNNVD-201911-036

Trust: 0.7

db: VULHUB, id: VHN-151027

Trust: 0.1

sources: VULHUB: VHN-151027 // JVNDB: JVNDB-2019-011521 // CNNVD: CNNVD-201911-036 // NVD: CVE-2019-18659

REFERENCES

url: https://dl.acm.org/citation.cfm?id=3326082

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-18659

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18659

Trust: 0.8

sources: VULHUB: VHN-151027 // JVNDB: JVNDB-2019-011521 // CNNVD: CNNVD-201911-036 // NVD: CVE-2019-18659

SOURCES

db: VULHUB, id: VHN-151027
db: JVNDB, id: JVNDB-2019-011521
db: CNNVD, id: CNNVD-201911-036
db: NVD, id: CVE-2019-18659

LAST UPDATE DATE

2024-11-23T21:59:38.509000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-151027, date: 2019-11-06T00:00:00
db: JVNDB, id: JVNDB-2019-011521, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201911-036, date: 2019-12-27T00:00:00
db: NVD, id: CVE-2019-18659, date: 2024-11-21T04:33:28.370

SOURCES RELEASE DATE

db: VULHUB, id: VHN-151027, date: 2019-11-02T00:00:00
db: JVNDB, id: JVNDB-2019-011521, date: 2019-11-12T00:00:00
db: CNNVD, id: CNNVD-201911-036, date: 2019-11-01T00:00:00
db: NVD, id: CVE-2019-18659, date: 2019-11-02T01:15:10.630