exploitDog

CVE-2013-4877

Опубликовано: 18 июл. 2013

Источник: nvd

CVSS2: 2.6

EPSS Низкий

Описание

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

Ссылки

http://www.kb.cert.org/vuls/id/458007
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-997M5B
US Government Resource
http://www.securityfocus.com/bid/61169
http://www.kb.cert.org/vuls/id/458007
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-997M5B
US Government Resource
http://www.securityfocus.com/bid/61169

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*

cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00896

Низкий

2.6 Low

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-p7rg-rp2h-c9h8

github

больше 3 лет назад

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

EPSS

Процентиль: 75%

0.00896

Низкий

2.6 Low

CVSS2

Дефекты

CWE-287