{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-46916", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T21:01:21.120Z", "dateReserved": "2023-10-30T00:00:00", "datePublished": "2023-12-07T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-12-07T06:02:20.456839"}, "descriptions": [{"lang": "en", "value": "Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.maximawatches.com/products/max-pro-power"}, {"url": "http://packetstormsecurity.com/files/175660"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:21.120Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.maximawatches.com/products/max-pro-power", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/175660", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:maximawatches:maxima_max_pro_power_firmware:1.0_486a:*:*:*:*:*:*:*", "matchCriteriaId": "715096FF-8DF3-4877-B4AE-073FA4F0D86A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:maximawatches:maxima_max_pro_power:-:*:*:*:*:*:*:*", "matchCriteriaId": "93F050F9-344A-4F7D-84D7-7964DF1886EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor."}, {"lang": "es", "value": "Los dispositivos Maxima Max Pro Power 1.0 486A permiten la reproducci\u00f3n del tr\u00e1fico BLE. Un atacante puede utilizar el identificador de caracter\u00edstica GATT 0x0012 para realizar acciones potencialmente disruptivas, como iniciar un monitor de frecuencia card\u00edaca."}], "id": "CVE-2023-46916", "lastModified": "2023-12-12T17:03:51.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-07T06:15:54.803", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175660"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.maximawatches.com/products/max-pro-power"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}