CVE-2019-13053

{"id": "CVE-2019-13053", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-06-29T20:15:09.277", "references": [{"url": "https://www.youtube.com/watch?v=EksyCO0DzYs", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=EksyCO0DzYs", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Logitech Unifying devices allow keystroke injection, bypassing encryption. The attacker must press a \"magic\" key combination while sniffing cryptographic data from a Radio Frequency transmission. NOTE: this issue exists because of an incomplete fix for CVE-2016-10761."}, {"lang": "es", "value": "Los dispositivos Logitech Unifying, permiten la inyecci\u00f3n de pulsaciones de teclas (keystroke), omitiendo el cifrado. El atacante debe presionar una combinaci\u00f3n de teclas \"magic\" mientras esp\u00eda los datos criptogr\u00e1ficos de una transmisi\u00f3n de radiofrecuencia. NOTA: este problema se presenta debido a una soluci\u00f3n incompleta para el CVE-2016-10761."}], "lastModified": "2024-11-21T04:24:06.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:logitech:unifying_receiver_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B4B96F-3A67-4D2E-AD26-8F42FAF9CB30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:logitech:unifying_receiver:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EED6C6A2-619D-4809-8E1F-23D77B94FB31"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}