CVE-2019-13053

Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a "magic" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.youtube.com/watch?v=EksyCO0DzYs	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:logitech:unifying_receiver_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-06-29 20:15

Updated : 2024-02-04 20:20

NVD link : CVE-2019-13053

Mitre link : CVE-2019-13053

CVE.ORG link : CVE-2019-13053

JSON object : View

Products Affected

logitech

unifying_receiver
unifying_receiver_firmware

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-13053", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-06-29T20:15:09.277", "references": [{"url": "https://www.youtube.com/watch?v=EksyCO0DzYs", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a \"magic\" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761."}, {"lang": "es", "value": "Los dispositivos Logitech Unifying, permiten la inyecci\u00f3n de pulsaciones de teclas (keystroke), omitiendo el cifrado. El atacante debe presionar una combinaci\u00f3n de teclas \"magic\" mientras esp\u00eda los datos criptogr\u00e1ficos de una transmisi\u00f3n de radiofrecuencia. NOTA: este problema se presenta debido a una soluci\u00f3n incompleta para el CVE-2016-10761."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:logitech:unifying_receiver_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B4B96F-3A67-4D2E-AD26-8F42FAF9CB30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EED6C6A2-619D-4809-8E1F-23D77B94FB31"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}