Lucene search

[email protected]CVE-2013-4877

HistoryJul 18, 2013 - 4:51 p.m.

CVE-2013-4877

2013-07-1816:51:40

CWE-287

[email protected]

web.nvd.nist.gov

verizon wireless

network extender

scs-26uc4

scs-2u01

cave authentication

remote attackers

esn

min

cloning attacks

nvd

2.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

Affected configurations

NVD

Node

verizonwireless_network_extenderMatchscs-2u01

verizonwireless_network_extenderMatchscs-26uc4

CPENameOperatorVersion
verizon:wireless_network_extenderverizon wireless network extendereqscs-2u01
verizon:wireless_network_extenderverizon wireless network extendereqscs-26uc4

CPE	Name	Operator	Version
verizon:wireless_network_extender	verizon wireless network extender	eq	scs-2u01
verizon:wireless_network_extender	verizon wireless network extender	eq	scs-26uc4

References

www.kb.cert.org/vuls/id/458007

www.kb.cert.org/vuls/id/BLUU-997M5B

www.securityfocus.com/bid/61169

2.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2013-4877

nvd1 prion1 cvelist1