CVE-2024-38271 - OpenCVE

There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Nearby

No data.

No data.

References

Link	Providers
https://github.com/google/nearby/pull/2402
https://github.com/google/nearby/pull/2433
https://github.com/google/nearby/pull/2435
https://github.com/google/nearby/pull/2589

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2024-06-26T15:19:13.955Z

Updated: 2024-08-02T04:04:25.103Z

Reserved: 2024-06-12T09:23:33.130Z

Link: CVE-2024-38271

Vulnrichment

Updated: 2024-06-26T17:14:07.750Z

NVD

Status : Awaiting Analysis

Published: 2024-06-26T16:15:11.560

Modified: 2024-07-29T22:15:04.757

Link: CVE-2024-38271

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38271", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "state": "PUBLISHED", "assignerShortName": "Google", "dateReserved": "2024-06-12T09:23:33.130Z", "datePublished": "2024-06-26T15:19:13.955Z", "dateUpdated": "2024-08-02T04:04:25.103Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/google/nearby", "defaultStatus": "unaffected", "product": "Nearby", "repo": "https://github.com/google/nearby", "vendor": "Google", "versions": [{"lessThan": "1.0.1724.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Or Yair and Shmuel Cohen with SafeBreach"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker\u2019s WiFi network and then sends an OfflineFrame that crashes Quick Share.<br>This makes the Wifi connection to the attacker\u2019s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version <span style=\"background-color: rgb(255, 255, 255);\">1.0.1724.0 of Quick Share or above</span><br>"}], "value": "There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker\u2019s WiFi network and then sends an OfflineFrame that crashes Quick Share.\nThis makes the Wifi connection to the attacker\u2019s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version\u00a01.0.1724.0 of Quick Share or above"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 5.9, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-07-29T21:38:09.241Z"}, "references": [{"url": "https://github.com/google/nearby/pull/2433"}, {"url": "https://github.com/google/nearby/pull/2435"}, {"url": "https://github.com/google/nearby/pull/2589"}, {"url": "https://github.com/google/nearby/pull/2402"}], "source": {"discovery": "UNKNOWN"}, "title": "Denial of Service in Quick Share", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "google", "product": "nearby", "cpes": ["cpe:2.3:a:google:nearby:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "1.0.1724.0", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T17:06:59.293625Z", "id": "CVE-2024-38271", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T17:18:16.332Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:25.103Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/google/nearby/pull/2433", "tags": ["x_transferred"]}, {"url": "https://github.com/google/nearby/pull/2435", "tags": ["x_transferred"]}, {"url": "https://github.com/google/nearby/pull/2589", "tags": ["x_transferred"]}, {"url": "https://github.com/google/nearby/pull/2402", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T17:06:59.293625Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:google:nearby:*:*:*:*:*:*:*:*"], "vendor": "google", "product": "nearby", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.1724.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T17:14:07.750Z"}}], "cna": {"title": "Denial of Service in Quick Share", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Or Yair and Shmuel Cohen with SafeBreach"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/google/nearby", "vendor": "Google", "product": "Nearby", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.1724.0", "versionType": "semver"}], "collectionURL": "https://github.com/google/nearby", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/google/nearby/pull/2433"}, {"url": "https://github.com/google/nearby/pull/2435"}, {"url": "https://github.com/google/nearby/pull/2589"}, {"url": "https://github.com/google/nearby/pull/2402"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker\u2019s WiFi network and then sends an OfflineFrame that crashes Quick Share.\nThis makes the Wifi connection to the attacker\u2019s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version\u00a01.0.1724.0 of Quick Share or above", "supportingMedia": [{"type": "text/html", "value": "There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker\u2019s WiFi network and then sends an OfflineFrame that crashes Quick Share.<br>This makes the Wifi connection to the attacker\u2019s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version <span style=\"background-color: rgb(255, 255, 255);\">1.0.1724.0 of Quick Share or above</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-07-29T21:38:09.241Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38271", "state": "PUBLISHED", "dateUpdated": "2024-07-29T21:38:09.241Z", "dateReserved": "2024-06-12T09:23:33.130Z", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "datePublished": "2024-06-26T15:19:13.955Z", "assignerShortName": "Google"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker\u2019s WiFi network and then sends an OfflineFrame that crashes Quick Share.\nThis makes the Wifi connection to the attacker\u2019s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version\u00a01.0.1724.0 of Quick Share or above"}, {"lang": "es", "value": "Existe una vulnerabilidad en Quickshare/Nearby donde un atacante puede obligar a la v\u00edctima a permanecer conectada a un punto de acceso temporal creado para el recurso compartido. Como parte de la secuencia de paquetes en una conexi\u00f3n QuickShare a trav\u00e9s de Bluetooth, el atacante obliga a la v\u00edctima a conectarse a la red WiFi del atacante y luego env\u00eda un OfflineFrame que bloquea Quick Share. Esto hace que la conexi\u00f3n Wifi a la red del atacante dure en lugar de regresar a la red anterior cuando finaliza la sesi\u00f3n de Quick Share, lo que permite que el atacante sea un MiTM. Recomendamos actualizar a la versi\u00f3n 1.0.1724.0 de Quickshare o superior"}], "id": "CVE-2024-38271", "lastModified": "2024-07-29T22:15:04.757", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "LOW"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2024-06-26T16:15:11.560", "references": [{"source": "cve-coordination@google.com", "url": "https://github.com/google/nearby/pull/2402"}, {"source": "cve-coordination@google.com", "url": "https://github.com/google/nearby/pull/2433"}, {"source": "cve-coordination@google.com", "url": "https://github.com/google/nearby/pull/2435"}, {"source": "cve-coordination@google.com", "url": "https://github.com/google/nearby/pull/2589"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}