CVE-2017-17860 - OpenCVE

In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android
Samsung	Gear S2 Gear S3

Configuration 1 [-]

AND

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:samsung:gear_s2:-:::::::*
	cpe:2.3:h:samsung:gear_s3:-:::::::*

No data.

References

Link	Providers
https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-18T22:00:00Z

Updated: 2024-09-16T18:56:05.479Z

Reserved: 2017-12-23T00:00:00

Link: CVE-2017-17860

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-01-18T22:29:00.233

Modified: 2018-02-06T17:11:28.017

Link: CVE-2017-17860

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-19T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2018-01-16T00:00:00", "ID": "CVE-2017-17860", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM", "refsource": "MISC", "url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:06:49.000Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17860", "datePublished": "2018-01-18T22:00:00Z", "dateReserved": "2017-12-23T00:00:00", "dateUpdated": "2024-09-16T18:56:05.479Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:gear_s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "80E04318-D715-4263-A869-C9203EB7CE75", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:gear_s3:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB6F5890-C7A5-45B2-BADE-118B53BE2667", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone"}, {"lang": "es", "value": "En productos Samsung Gear, la clave de enlace Bluetooth se actualiza en la clave diferente, que es igual a la clave de enlace del atacante. Puede atacarse sin la intenci\u00f3n del usuario solo si el atacante puede revelar la direcci\u00f3n Bluetooth del dispositivo objetivo y el smartphone emparejado del usuario."}], "id": "CVE-2017-17860", "lastModified": "2018-02-06T17:11:28.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-18T22:29:00.233", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}