CVE-2018-8117 - Vulnerability Details - OpenCVE

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Wireless Keyboard 850

Configuration 1 [-]

cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103711
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2018-04-12T01:00:00

Updated: 2024-08-05T06:46:13.463Z

Reserved: 2018-03-14T00:00:00

Link: CVE-2018-8117

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-12T01:29:11.923

Modified: 2024-11-21T04:13:17.787

Link: CVE-2018-8117

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Microsoft Wireless Keyboard 850", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Microsoft Wireless Keyboard 850"}]}], "datePublic": "2018-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."}], "problemTypes": [{"descriptions": [{"description": "Security Feature Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-12T09:57:02", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "103711", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103711"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-8117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Wireless Keyboard 850", "version": {"version_data": [{"version_value": "Microsoft Wireless Keyboard 850"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Security Feature Bypass"}]}]}, "references": {"reference_data": [{"name": "103711", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103711"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:46:13.463Z"}, "title": "CVE Program Container", "references": [{"name": "103711", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103711"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-8117", "datePublished": "2018-04-12T01:00:00", "dateReserved": "2018-03-14T00:00:00", "dateUpdated": "2024-08-05T06:46:13.463Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C079075-5825-4B0E-BDBC-151E6692DD8B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Microsoft Wireless Keyboard 850, lo que podr\u00eda permitir que un atacante reutilice una clave de cifrado AES para enviar las pulsaciones de teclado de otros teclados o leer las pulsaciones enviadas por otros teclados a los dispositivos afectados. Esto tambi\u00e9n se conoce como \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability\". Esto afecta a Microsoft Wireless Keyboard 850."}], "id": "CVE-2018-8117", "lastModified": "2024-11-21T04:13:17.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-12T01:29:11.923", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103711"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103711"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}