{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-2104", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2024-03-01T16:45:42.526Z", "datePublished": "2025-12-10T12:56:15.290Z", "dateUpdated": "2025-12-10T16:37:18.940Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LIVE PRO 2 TWS", "vendor": "JBL", "versions": [{"status": "affected", "version": "*"}]}, {"defaultStatus": "unaffected", "product": "TUNE FLEX", "vendor": "JBL", "versions": [{"status": "affected", "version": "*"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Mattar Bernhard from Hummus Sec"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable."}], "value": "Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-12-10T12:56:15.290Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json"}, {"tags": ["vendor-advisory"], "url": "https://certvde.com/en/advisories/VDE-2024-076"}], "source": {"discovery": "UNKNOWN"}, "title": "JBL: Improper BLE security configurations and lack of authentication on the device's GATT server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-10T16:37:02.427390Z", "id": "CVE-2024-2104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T16:37:18.940Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-10T16:37:02.427390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T16:37:12.511Z"}}], "cna": {"title": "JBL: Improper BLE security configurations and lack of authentication on the device's GATT server", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Mattar Bernhard from Hummus Sec"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "JBL", "product": "LIVE PRO 2 TWS", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}, {"vendor": "JBL", "product": "TUNE FLEX", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json", "tags": ["vendor-advisory"]}, {"url": "https://certvde.com/en/advisories/VDE-2024-076", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.", "supportingMedia": [{"type": "text/html", "value": "Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-12-10T12:56:15.290Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2104", "state": "PUBLISHED", "dateUpdated": "2025-12-10T16:37:18.940Z", "dateReserved": "2024-03-01T16:45:42.526Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-12-10T12:56:15.290Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable."}], "id": "CVE-2024-2104", "lastModified": "2025-12-12T15:18:42.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2025-12-10T13:16:01.987", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/en/advisories/VDE-2024-076"}, {"source": "info@cert.vde.com", "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"created": "2025-12-11T21:37:48.101731+00:00", "updated": "2025-12-11T21:37:48.101767+00:00", "vendors": ["jbl", "jbl$PRODUCT$live_pro_2_tws", "jbl$PRODUCT$tune_flex"]}