CVE-2019-9863

Published Mar 27, 2019

Last updated 3 years ago

Overview

Description: Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-330

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C5A31E7-5281-4EDC-9CC5-A887857BB6B7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD534B70-3FA6-4712-A30E-A9BEEB9A91CB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36446080-FC7A-40C4-B3FA-E431B7208B54"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FE991250-A833-4D6D-9CAE-8802C81917E5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9837869E-A954-4E05-B8FA-FF4D41B45E0E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF0E3110-7E9E-4FE2-9611-78B4D9819927"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References