Vulnerability Details : CVE-2020-14157
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.
Products affected by CVE-2020-14157
- cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14157
- 0.10%: Probability of exploitation activity in the next 30 days
- ~39%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-14157
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.8 | MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:N | 6.5 | 4.9 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2020-14157
- The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-14157
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
  Tags: Exploit; Third Party Advisory
- https://www.youtube.com/watch?v=kCqAVYyahLc
  YouTube
  Tags: Exploit; Third Party Advisory
- http://seclists.org/fulldisclosure/2020/Jun/26
  Full Disclosure: [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)
  Tags: Third Party Advisory
- http://packetstormsecurity.com/files/158204/ABUS-Secvest-Wireless-Control-Device-Missing-Encryption.html
  ABUS Secvest Wireless Control Device Missing Encryption ≈ Packet Storm
  Tags: Third Party Advisory