Lucene search

MitreCVE-2022-46480

HistoryDec 05, 2023 - 12:15 a.m.

CVE-2022-46480

2023-12-0500:15:07

CWE-384

CWE-294

mitre

web.nvd.nist.gov

ultraloq

smart lock

firmware

bluetooth

session management

credential re-use

cve-2022-46480

nvd

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

Affected configurations

Nvd

Node

u-tecultraloq_ul3_btMatch2nd_gen

AND

u-tecultraloq_ul3_bt_firmwareMatch02.27.0012

VendorProductVersionCPE
u-tecultraloq_ul3_bt2nd_gencpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*
u-tecultraloq_ul3_bt_firmware02.27.0012cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
u-tec	ultraloq_ul3_bt	2nd_gen	cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:::::::*
u-tec	ultraloq_ul3_bt_firmware	02.27.0012	cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:::::::*

References

arxiv.org/abs/2312.00021

www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

Related for CVE-2022-46480