Lucene search

[email protected]NVD:CVE-2022-46480

HistoryDec 05, 2023 - 12:15 a.m.

CVE-2022-46480

2023-12-0500:15:07

CWE-384

CWE-294

[email protected]

web.nvd.nist.gov

cve-2022-46480

incorrect session management

credential re-use

bluetooth le

ultraloq ul3 2nd gen

smart lock

firmware

vulnerability

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.5%

JSON

Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

Affected configurations

Nvd

Node

u-tecultraloq_ul3_btMatch2nd_gen

AND

u-tecultraloq_ul3_bt_firmwareMatch02.27.0012

VendorProductVersionCPE
u-tecultraloq_ul3_bt2nd_gencpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*
u-tecultraloq_ul3_bt_firmware02.27.0012cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
u-tec	ultraloq_ul3_bt	2nd_gen	cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:::::::*
u-tec	ultraloq_ul3_bt_firmware	02.27.0012	cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:::::::*

References

arxiv.org/abs/2312.00021

www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent

CVSS3

8.1

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.5%

JSON

Related for NVD:CVE-2022-46480

cvelist1 prion1 cve1