CVE-2019-18199

MEDIUM

6.6

Beschreibung

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

CVE Details

CVSS v3.1 Bewertung6.6

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AngriffsvektorPHYSICAL

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht10/24/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

fujitsu:lx390fujitsu:lx390_firmware

Schwachen (CWE)

CWE-319

Referenzen

http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html(cve@mitre.org)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt(cve@mitre.org)

https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/(cve@mitre.org)

http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt(af854a3a-2127-422b-91ae-364da2661108)

https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.