Sign-up

ID

VAR-201911-1282


CVE

CVE-2019-14358


TITLE

Archos Safe-T Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-40098 // CNNVD: CNNVD-201911-043

DESCRIPTION

On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. Archos Safe-T The device contains an information disclosure vulnerability.Information may be obtained. Archos Safe-T is a hardware-based cryptocurrency wallet device. The vulnerability is caused by a configuration error such as a network system or a product running. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.16

sources: NVD: CVE-2019-14358 // JVNDB: JVNDB-2019-011722 // CNVD: CNVD-2019-40098

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-40098

AFFECTED PRODUCTS

vendor:archosmodel:safe-tscope:eqversion: -

Trust: 1.6

vendor:archosmodel:safe-tscope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2019-40098 // JVNDB: JVNDB-2019-011722 // CNNVD: CNNVD-201911-043 // NVD: CVE-2019-14358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14358
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-14358
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-40098
value: LOW

Trust: 0.6

CNNVD: CNNVD-201911-043
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-14358
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-40098
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14358
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-14358
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-40098 // JVNDB: JVNDB-2019-011722 // CNNVD: CNNVD-201911-043 // NVD: CVE-2019-14358

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-011722 // NVD: CVE-2019-14358

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-043

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011722

PATCH
title:Top Pageurl:https://www.archos.com/fr/home.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-011722

EXTERNAL IDS
db:NVDid:CVE-2019-14358
Trust: 3.0
db:JVNDBid:JVNDB-2019-011722
Trust: 0.8
db:CNVDid:CNVD-2019-40098
Trust: 0.6
db:CNNVDid:CNNVD-201911-043
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-40098 // 
            
            
            
            JVNDB: JVNDB-2019-011722 // 
            
            
            
            CNNVD: CNNVD-201911-043 // 
            
            
            
            NVD: CVE-2019-14358

REFERENCES
url:https://blog.inhq.net/posts/oled-side-channel-status-summary/
Trust: 3.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-14358
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14358
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-40098 // 
            
            
            
            JVNDB: JVNDB-2019-011722 // 
            
            
            
            CNNVD: CNNVD-201911-043 // 
            
            
            
            NVD: CVE-2019-14358

SOURCES
db:CNVDid:CNVD-2019-40098
db:JVNDBid:JVNDB-2019-011722
db:CNNVDid:CNNVD-201911-043
db:NVDid:CVE-2019-14358

LAST UPDATE DATE
2024-11-23T22:48:11.904000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-40098date:2019-11-12T00:00:00
db:JVNDBid:JVNDB-2019-011722date:2019-11-18T00:00:00
db:CNNVDid:CNNVD-201911-043date:2019-11-11T00:00:00
db:NVDid:CVE-2019-14358date:2024-11-21T04:26:35.107

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-40098date:2019-11-12T00:00:00
db:JVNDBid:JVNDB-2019-011722date:2019-11-18T00:00:00
db:CNNVDid:CNNVD-201911-043date:2019-11-02T00:00:00
db:NVDid:CVE-2019-14358date:2019-11-02T17:15:10.477