Vulnerability CVE-2019-18199

Vulnerability CVE-2019-18199

Published: 2019-10-24 Modified: 2019-11-05

Description:

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

See advisories in our WLB2 database:

	Topic	Author	Date
Low	Fujitsu Wireless Keyboard Set LX390 Replay Attacks	Matthias Deeg	24.10.2019

Type:

CWE-294

(Authentication Bypass by Capture-replay)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.9/10	10/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

References:

http://packetstormsecurity.com/files/154954/Fujitsu-Wireless-Keyboard-Set-LX390-Replay-Attacks.html

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-009.txt

https://www.syss.de/pentest-blog/2019/syss-2019-009-syss-2019-010-und-syss-2019-011-schwachstellen-in-weiterer-funktastatur-mit-sicherer-24-ghz-technologie/

Vulnerability CVE-2019-18199

An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, and because of password-based authentication, they are vulnerable to replay attacks.

See advisories in our WLB2 database:

Low

Fujitsu Wireless Keyboard Set LX390 Replay Attacks

CWE-294

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

6.9/10

10/10

3.4/10

Local

Medium

No required

Complete

Complete

Complete

References: