NVD:CVE-2022-41627
Oct 27, 2022 - 9:15 p.m.

CVE-2022-41627

2022-10-27 21:15:15
CWE-319
CWE-311
web.nvd.nist.gov
iot device
encryption
data-over-sound
unauthorized access
denial-of-service

CVSS3: 7.6
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

EPSS: 0.001
Percentile: 18.0%

The physical IoT device of AliveCor’s KardiaMobile, a smartphone-based personal electrocardiogram (EKG), has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at frequencies similar to those of the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.

Affected configurations

Nvd

Node: alivecor kardiamobile (Match: -) AND alivecor kardiamobile_firmware (Match: -)
Node: alivecor kardiamobile_6l (Match: -) AND alivecor kardiamobile_6l_firmware (Match: -)
Node: alivecor kardiamobile_card (Match: -) AND alivecor kardiamobile_card_firmware (Match: -)

Vendor | Product | Version | CPE
alivecor | kardiamobile | - | cpe:2.3:h:alivecor:kardiamobile:-:*:*:*:*:*:*:*
alivecor | kardiamobile_firmware | - | cpe:2.3:o:alivecor:kardiamobile_firmware:-:*:*:*:*:*:*:*
alivecor | kardiamobile_6l | - | cpe:2.3:h:alivecor:kardiamobile_6l:-:*:*:*:*:*:*:*
alivecor | kardiamobile_6l_firmware | - | cpe:2.3:o:alivecor:kardiamobile_6l_firmware:-:*:*:*:*:*:*:*
alivecor | kardiamobile_card | - | cpe:2.3:h:alivecor:kardiamobile_card:-:*:*:*:*:*:*:*
alivecor | kardiamobile_card_firmware | - | cpe:2.3:o:alivecor:kardiamobile_card_firmware:-:*:*:*:*:*:*:*
