CVE-2017-17436 - OpenCVE

An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vaulteksafe	Vt20i Vt20i Firmware

Configuration 1 [-]

AND

cpe:2.3:o:vaulteksafe:vt20i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:vaulteksafe:vt20i:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://vaulteksafe.com/index.php/cve-2017-17435/
https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-07T00:00:00

Updated: 2024-08-05T20:51:31.424Z

Reserved: 2017-12-05T00:00:00

Link: CVE-2017-17436

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-07T00:29:00.287

Modified: 2017-12-22T15:59:37.883

Link: CVE-2017-17436

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17436", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://vaulteksafe.com/index.php/cve-2017-17435/", "refsource": "CONFIRM", "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"name": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/", "refsource": "MISC", "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:51:31.424Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17436", "datePublished": "2017-12-07T00:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2024-08-05T20:51:31.424Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vaulteksafe:vt20i_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EDBDB6F-0A1D-41A1-880F-5792AF4D192F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:vaulteksafe:vt20i:-:*:*:*:*:*:*:*", "matchCriteriaId": "86037AA2-62CF-41E7-815D-FDA28558F0E0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en el software en productos Vaultek Gun Safe VT20i. No se cifra la sesi\u00f3n entre la aplicaci\u00f3n de Android y la caja fuerte. Los materiales de marketing as\u00ed como el sitio web anuncian que este canal est\u00e1 cifrado con \"un cifrado Bluetooth del m\u00e1s alto nivel\" y que \"las transmisiones de datos se realizan de forma segura mediante el cifrado de bits AES256\". Sin embargo, estas afirmaciones no son ciertas. Adem\u00e1s, los cifrados de bits AES256 no son compatibles con el est\u00e1ndar Bluetooth de baja energ\u00eda (Bluetooth LE), por lo que tendr\u00eda que serlo a nivel de aplicaci\u00f3n. Esta falta de cifrado permite que un usuario aprenda el c\u00f3digo de acceso espiando las comunicaciones entre la aplicaci\u00f3n y la caja fuerte."}], "id": "CVE-2017-17436", "lastModified": "2017-12-22T15:59:37.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-07T00:29:00.287", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}