Lucene search

[email protected]CVE-2023-46916

HistoryDec 07, 2023 - 6:15 a.m.

CVE-2023-46916

2023-12-0706:15:54

[email protected]

web.nvd.nist.gov

cve-2023-46916

maxima

max pro power

ble

traffic replay

gatt characteristic

heart rate monitor

nvd

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.

Affected configurations

NVD

Node

maximawatchesmaxima_max_pro_power_firmwareMatch1.0_486a

AND

maximawatchesmaxima_max_pro_powerMatch-

CPENameOperatorVersion
maximawatches:maxima_max_pro_power_firmwaremaximawatches maxima max pro power firmwareeq1.0_486a

CPE	Name	Operator	Version
maximawatches:maxima_max_pro_power_firmware	maximawatches maxima max pro power firmware	eq	1.0_486a

References

packetstormsecurity.com/files/175660

www.maximawatches.com/products/max-pro-power

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVE-2023-46916

prion1 zdt1 cvelist1 nvd1 exploitdb1 packetstorm1