| |
Vulnerability CVE-2017-17860
Published: 2018-01-18
| Description: |
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone |
Type:
CWE-20 (Improper Input Validation)
CVSS2 => (AV:A/AC:M/Au:N/C:N/I:N/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5.7/10 |
6.9/10 |
5.5/10 |
| Exploit range |
Attack complexity |
Authentication |
Adjacent network |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
None |
Complete |
References: |
https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
