CVE-2013-4877 - Vulnerability Details - OpenCVE

Description

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

Published: 2013-07-18

Score: 2.6 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:::::::*
	cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2013-4722	The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00896.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.kb.cert.org/vuls/id/458007
http://www.kb.cert.org/vuls/id/BLUU-997M5B
http://www.securityfocus.com/bid/61169

History

No history.

Subscriptions

Verizon Wireless Network Extender

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-07-18T14:00:00.000Z

Updated: 2024-08-06T16:59:40.841Z

Reserved: 2013-07-18T00:00:00.000Z

Link: CVE-2013-4877

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-07-18T16:51:40.403

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-4877

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-22T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"name": "VU#458007", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/458007"}, {"name": "61169", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61169"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4877", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B", "refsource": "MISC", "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"name": "VU#458007", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/458007"}, {"name": "61169", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61169"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:59:40.841Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"name": "VU#458007", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/458007"}, {"name": "61169", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61169"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4877", "datePublished": "2013-07-18T14:00:00.000Z", "dateReserved": "2013-07-18T00:00:00.000Z", "dateUpdated": "2024-08-06T16:59:40.841Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*", "matchCriteriaId": "D36CAEBA-1928-4DD0-B5DC-7A05B4C4FED7", "vulnerable": true}, {"criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*", "matchCriteriaId": "2FF92731-EC8B-41F9-95BE-238B61F19EA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}, {"lang": "es", "value": "El Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 no utiliza autenticaci\u00f3n CAVE, haciendo m\u00e1s f\u00e1cil para atacantes remotos obtener valores ESN y MIN desde tel\u00e9fonos arbitrarios, y llevar a cabo ataques de clonaci\u00f3n mediante la captura de paquetes."}], "id": "CVE-2013-4877", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-18T16:51:40.403", "references": [{"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/458007"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/61169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/458007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61169"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}