CVE-2023-6951 - OpenCVE

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/

History

Mon, 30 Sep 2024 10:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-1391
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 30 Sep 2024 10:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-334

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2024-04-02T10:28:05.544Z

Updated: 2024-09-30T10:04:13.991Z

Reserved: 2023-12-19T15:38:36.729Z

Link: CVE-2023-6951

Vulnrichment

Updated: 2024-08-02T08:42:08.525Z

NVD

Status : Awaiting Analysis

Published: 2024-04-02T11:15:51.417

Modified: 2024-09-30T10:15:04.580

Link: CVE-2023-6951

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6951", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2023-12-19T15:38:36.729Z", "datePublished": "2024-04-02T10:28:05.544Z", "dateUpdated": "2024-09-30T10:04:13.991Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Mavic 3 Pro", "vendor": "DJI", "versions": [{"lessThan": "01.01.0300", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Mavic 3", "vendor": "DJI", "versions": [{"lessThan": "01.00.1200", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Mavic 3 Classic", "vendor": "DJI", "versions": [{"lessThan": "01.00.0500", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Mavic 3 Enterprise", "vendor": "DJI", "versions": [{"lessThan": "7.01.10.03", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Matrice 300", "vendor": "DJI", "versions": [{"lessThan": "57.00.01.00", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Matrice M30", "vendor": "DJI", "versions": [{"lessThan": "07.01.0022", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Mini 3 Pro", "vendor": "DJI", "versions": [{"lessThan": "01.00.0620", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nicolo' Facchi of Nozomi Networks"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone\u2019s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620."}], "value": "A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone\u2019s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-334", "description": "CWE-334: Small Space of Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-30T10:04:13.991Z"}, "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-02T18:42:46.556534Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:17:06.038Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.525Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:08.525Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-02T18:42:46.556534Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:21.333Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nicolo' Facchi of Nozomi Networks"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "DJI", "product": "Mavic 3 Pro", "versions": [{"status": "affected", "version": "0", "lessThan": "01.01.0300", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "DJI", "product": "Mavic 3", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.1200", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "DJI", "product": "Mavic 3 Classic", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.0500", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "DJI", "product": "Mavic 3 Enterprise", "versions": [{"status": "affected", "version": "0", "lessThan": "7.01.10.03", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "DJI", "product": "Matrice 300", "versions": [{"status": "affected", "version": "0", "lessThan": "57.00.01.00", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "DJI", "product": "Matrice M30", "versions": [{"status": "affected", "version": "0", "lessThan": "07.01.0022", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "DJI", "product": "Mini 3 Pro", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.0620", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone\u2019s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.", "supportingMedia": [{"type": "text/html", "value": "A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone\u2019s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-334", "description": "CWE-334: Small Space of Random Values"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2024-09-30T10:04:13.991Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6951", "state": "PUBLISHED", "dateUpdated": "2024-09-30T10:04:13.991Z", "dateReserved": "2023-12-19T15:38:36.729Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2024-04-02T10:28:05.544Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone\u2019s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620."}, {"lang": "es", "value": "Una vulnerabilidad de uso de credenciales d\u00e9biles que afecta a la red Wi-Fi generada por un conjunto de drones DJI podr\u00eda permitir que un atacante remoto obtenga la clave WPA2 PSK y se autentique sin permiso en la red Wi-Fi del dron. Esto, a su vez, permite al atacante realizar una interacci\u00f3n no autorizada con los servicios de red expuestos por el dron y potencialmente descifrar el tr\u00e1fico Wi-Fi intercambiado entre el dron y el dispositivo Android/IOS del usuario leg\u00edtimo durante el modo QuickTransfer. Los modelos afectados son Mavic 3 Pro hasta v01.01.0300, Mavic 3 hasta v01.00.1200, Mavic 3 Classic hasta v01.00.0500, Mavic 3 Enterprise hasta v07.01.10.03, Matrice 300 hasta v57.00.01.00, Matrice M30 hasta v07. 01.0022 y Mini 3 Pro hasta v01.00.0620."}], "id": "CVE-2023-6951", "lastModified": "2024-09-30T10:15:04.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.0, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2024-04-02T11:15:51.417", "references": [{"source": "prodsec@nozominetworks.com", "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-334"}], "source": "prodsec@nozominetworks.com", "type": "Primary"}]}