Lucene search

[email protected]NVD:CVE-2013-4877

HistoryJul 18, 2013 - 4:51 p.m.

CVE-2013-4877

2013-07-1816:51:40

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.7%

JSON

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

Affected configurations

Nvd

Node

verizonwireless_network_extenderMatchscs-2u01

verizonwireless_network_extenderMatchscs-26uc4

VendorProductVersionCPE
verizonwireless_network_extenderscs-2u01cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*
verizonwireless_network_extenderscs-26uc4cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
verizon	wireless_network_extender	scs-2u01	cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:::::::*
verizon	wireless_network_extender	scs-26uc4	cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:::::::*

References

www.kb.cert.org/vuls/id/458007

www.kb.cert.org/vuls/id/BLUU-997M5B

www.securityfocus.com/bid/61169

CVSS2

2.6

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.7%

JSON

Related for NVD:CVE-2013-4877

prion1 cvelist1 cve1