CVE-2022-32506 - OpenCVE

An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/
https://nuki.io/en/security-updates/
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/

History

Tue, 20 Aug 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1263
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-20T13:41:37.274Z

Reserved:

Link: CVE-2022-32506

Vulnrichment

Updated: 2024-08-03T07:46:43.279Z

NVD

Status : Awaiting Analysis

Published: 2024-05-14T10:43:41.587

Modified: 2024-08-20T14:35:01.103

Link: CVE-2022-32506

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32506", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-20T13:41:37.274Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-09T19:47:04.230538"}, "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"url": "https://nuki.io/en/security-updates/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.279Z"}, "title": "CVE Program Container", "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "tags": ["x_transferred"]}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "tags": ["x_transferred"]}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "tags": ["x_transferred"]}, {"url": "https://nuki.io/en/security-updates/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1263", "lang": "en", "description": "CWE-1263 Improper Physical Access Control"}]}], "affected": [{"vendor": "nuki", "product": "smart_lock", "cpes": ["cpe:2.3:h:nuki:smart_lock:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected", "lessThan": "3.3.5", "versionType": "custom"}, {"version": "2.0", "status": "affected", "lessThan": "2.12.4", "versionType": "custom"}]}, {"vendor": "nuki", "product": "smart_lock_firmware", "cpes": ["cpe:2.3:o:nuki:smart_lock_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected", "lessThan": "3.3.5", "versionType": "custom"}, {"version": "2.0", "status": "affected", "lessThan": "2.12.4", "versionType": "custom"}]}, {"vendor": "nuki", "product": "bridge", "cpes": ["cpe:2.3:h:nuki:bridge:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0", "status": "affected", "lessThan": "2.13.2", "versionType": "custom"}, {"version": "1.0", "status": "affected", "lessThan": "1.22.0", "versionType": "custom"}]}, {"vendor": "nuki", "product": "bridge_firmware", "cpes": ["cpe:2.3:o:nuki:bridge_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0", "status": "affected", "lessThan": "2.13.2", "versionType": "custom"}, {"version": "1.0", "status": "affected", "lessThan": "1.22.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-20T13:29:14.810257Z", "id": "CVE-2022-32506", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T13:41:37.274Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/", "tags": ["x_transferred"]}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/", "tags": ["x_transferred"]}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/", "tags": ["x_transferred"]}, {"url": "https://nuki.io/en/security-updates/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:46:43.279Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-32506", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-20T13:29:14.810257Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:nuki:smart_lock:*:*:*:*:*:*:*:*"], "vendor": "nuki", "product": "smart_lock", "versions": [{"status": "affected", "version": "3.0", "lessThan": "3.3.5", "versionType": "custom"}, {"status": "affected", "version": "2.0", "lessThan": "2.12.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:nuki:smart_lock_firmware:*:*:*:*:*:*:*:*"], "vendor": "nuki", "product": "smart_lock_firmware", "versions": [{"status": "affected", "version": "3.0", "lessThan": "3.3.5", "versionType": "custom"}, {"status": "affected", "version": "2.0", "lessThan": "2.12.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:nuki:bridge:*:*:*:*:*:*:*:*"], "vendor": "nuki", "product": "bridge", "versions": [{"status": "affected", "version": "2.0", "lessThan": "2.13.2", "versionType": "custom"}, {"status": "affected", "version": "1.0", "lessThan": "1.22.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:nuki:bridge_firmware:*:*:*:*:*:*:*:*"], "vendor": "nuki", "product": "bridge_firmware", "versions": [{"status": "affected", "version": "2.0", "lessThan": "2.13.2", "versionType": "custom"}, {"status": "affected", "version": "1.0", "lessThan": "1.22.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1263", "description": "CWE-1263 Improper Physical Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T13:41:04.977Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}, {"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"url": "https://nuki.io/en/security-updates/"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-09T19:47:04.230538"}}}, "cveMetadata": {"cveId": "CVE-2022-32506", "state": "PUBLISHED", "dateUpdated": "2024-08-20T13:41:37.274Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on certain Nuki Home Solutions devices. An attacker with physical access to the circuit board could use the SWD debug features to control the execution of code on the processor and debug the firmware, as well as read or alter the content of the internal and external flash memory. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Smart Lock 2.0 before 2.12.4, as well as Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2."}, {"lang": "es", "value": "Se ha descubierto un problema en determinados dispositivos de Nuki Home Solutions. Un atacante con acceso f\u00edsico a la placa de circuito podr\u00eda utilizar las funciones de depuraci\u00f3n del SWD para controlar la ejecuci\u00f3n de c\u00f3digo en el procesador y depurar el firmware, as\u00ed como leer o alterar el contenido de la memoria flash interna y externa. Esto afecta a Nuki Smart Lock 3.0 anterior a 3.3.5, Nuki Smart Lock 2.0 anterior a 2.12.4, as\u00ed como a Nuki Bridge v1 anterior a 1.22.0 y v2 anterior a 2.13.2."}], "id": "CVE-2022-32506", "lastModified": "2024-08-20T14:35:01.103", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-14T10:43:41.587", "references": [{"source": "cve@mitre.org", "url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks/"}, {"source": "cve@mitre.org", "url": "https://nuki.io/en/security-updates/"}, {"source": "cve@mitre.org", "url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/"}, {"source": "cve@mitre.org", "url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1263"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}