CVE-2013-4872

Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/
https://exchange.xforce.ibmcloud.com/vulnerabilities/85804
https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/
https://exchange.xforce.ibmcloud.com/vulnerabilities/85804

Configurations

Configuration 1 (hide)

cpe:2.3:h:google:glass:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type	Values Removed	Values Added
References	~~() https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/ -~~	() https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/ -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/85804 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/85804 -

Information

Published : 2013-07-18 16:51

Updated : 2024-11-21 01:56

NVD link : CVE-2013-4872

Mitre link : CVE-2013-4872

CVE.ORG link : CVE-2013-4872

JSON object : View

Products Affected

google

glass

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4872", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-07-18T16:51:40.160", "references": [{"url": "https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85804", "source": "cve@mitre.org"}, {"url": "https://blog.lookout.com/blog/2013/07/17/hacking-the-internet-of-things-for-good/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85804", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack."}, {"lang": "es", "value": "Google Glass anterior a XE6 no restringe adecuadamente el procesamiento de los c\u00f3digos QR, permitiendo a los atacantes f\u00edsicamente pr\u00f3ximos modificar la configuraci\u00f3n o redirigir a los usuarios a sitios web de su elecci\u00f3n mediante un s\u00edmbolo especialmente dise\u00f1ado, como se ha demostrado mediante la selecci\u00f3n de un punto de acceso Wi-Fi con el fin de llevar a cabo una man-in-the-middle."}], "lastModified": "2024-11-21T01:56:36.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:google:glass:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B0CE133-3B8C-4B92-8F42-4FE8E9C21A77", "versionEndIncluding": "xe5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}