ByteOS Network

Vulnerability Details :

CVE-2019-12587

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-04 Sep, 2019 | 11:31

Updated At-04 Aug, 2024 | 23:24

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames via a rogue access point.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:04 Sep, 2019 | 11:31

Updated At:04 Aug, 2024 | 23:24

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/espressif	x_refsource_MISC
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks	x_refsource_MISC
https://matheus-garbelini.github.io/home/post/zero-pmk-installation/	x_refsource_MISC

Hyperlink: https://github.com/espressif

Resource:

x_refsource_MISC

Hyperlink: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

Resource:

x_refsource_MISC

Hyperlink: https://matheus-garbelini.github.io/home/post/zero-pmk-installation/

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/espressif	x_refsource_MISC x_transferred
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks	x_refsource_MISC x_transferred
https://matheus-garbelini.github.io/home/post/zero-pmk-installation/	x_refsource_MISC x_transferred

Hyperlink: https://github.com/espressif

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://matheus-garbelini.github.io/home/post/zero-pmk-installation/

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:04 Sep, 2019 | 12:15

Updated At:24 Aug, 2020 | 17:37

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.1	HIGH	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary	2.0	4.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:N

Type: Primary

Version: 3.0

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Type: Primary

Version: 2.0

Base score: 4.8

Base severity: MEDIUM

Vector:

AV:A/AC:L/Au:N/C:P/I:P/A:N

CPE Matches

espressif>>esp-idf>>Versions from 2.0.0(inclusive) to 4.0.0(inclusive)

cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*

espressif>>esp8266_nonos_sdk>>Versions from 2.2.0(inclusive) to 3.1.0(inclusive)

cpe:2.3:a:espressif:esp8266_nonos_sdk:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-327	Primary	nvd@nist.gov

CWE ID: CWE-327

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks	cve@mitre.org	Exploit Third Party Advisory
https://github.com/espressif	cve@mitre.org	Product
https://matheus-garbelini.github.io/home/post/zero-pmk-installation/	cve@mitre.org	Patch Third Party Advisory

Hyperlink: https://github.com/Matheus-Garbelini/esp32_esp8266_attacks

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/espressif

Source: cve@mitre.org

Resource:

Product

Hyperlink: https://matheus-garbelini.github.io/home/post/zero-pmk-installation/

Source: cve@mitre.org

Resource:

Patch

Third Party Advisory

Similar CVEs

2Records found

CVE-2024-53845

Matching Score-6

Assigner-GitHub, Inc.

View Details

Matching Score-6

Assigner-GitHub, Inc.

CVSS Score-6.6||MEDIUM

EPSS-0.19% / 41.61%

7 Day CHG+0.02%

Published-11 Dec, 2024 | 22:35

Updated-12 Dec, 2024 | 16:35

AES/CBC Constant IV Vulnerability in ESPTouch v2

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.

Vendor-espressif

Product-esp-idf

CWE ID-CWE-909

Missing Initialization of Resource

CWE ID-CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CVE-2019-9506

Matching Score-4

Assigner-CERT/CC

View Details

Matching Score-4

Assigner-CERT/CC

CVSS Score-7.6||HIGH

EPSS-2.40% / 84.46%

7 Day CHG~0.00%

Published-14 Aug, 2019 | 16:27

Updated-16 Sep, 2024 | 19:14

Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

Vendor-Bluetooth Canonical Ltd.Huawei Technologies Co., Ltd.Google LLC Red Hat, Inc.BlackBerry Limited openSUSE Apple Inc.Debian GNU/Linux

Product-p_smart_firmware honor_view_10_firmware london-al40ind enterprise_linux_server_aus columbia-tl00d bla-l29c dubai-al00a p30_pro_firmware sydney-tl00 y7_2019 lelandp-al10d_firmware johnson-tl00d_firmware leland-tl10b enterprise_linux_for_real_time_for_nfv lelandp-l22a_firmware cornell-al00a sydney-l22br_firmware barca-al00_firmware nova_5_firmware honor_view_10 leland-l32a_firmware y5_2018 harry-al10b_firmware asoka-al00ax princeton-tl10c florida-l22_firmware leland-tl10c_firmware y9_2019_firmware atomu-l33 imanager_neteco_6000 enterprise_linux_server berkeley-al20 nova_5 sydney-l21br_firmware leland-l31a_firmware lelandp-al00c_firmware potter-al10a atomu-l33_firmware lelandp-al10b bla-al00b_firmware florida-l21 columbia-tl00d_firmware sydneym-l01_firmware sydneym-l03 honor_10_lite paris-l21b leland-l32c_firmware florida-al20b sydney-al00 nova_5i_pro_firmware honor_20_pro honor_20_firmware tony-al00b harry-al00c_firmware johnson-tl00f_firmware paris-l21meb nova_4 potter-al10a_firmware honor_8x_firmware florida-al20b_firmware honor_8x alp-al00b p20_pro_firmware cornell-tl10b neo-al00d_firmware sydney-l22 harry-al00c ares-tl00c_firmware y9_2019 y6_pro_2019 sydneym-l23_firmware cornell-al00i bla-tl00b harry-tl00c_firmware ever-l29b_firmware figo-tl10b_firmware mate_20_pro honor_view_20 y6_2019_firmware florida-tl10b sydneym-l03_firmware katyusha-al00a_firmware columbia-al10b_firmware madrid-tl00a virtualization_host_eus y6_pro_2019_firmware berkeley-l09_firmware nova_4_firmware tvos hima-l29c yale-al00a honor_10_lite_firmware ares-al00b imanager_neteco blackberry cornell-al00a_firmware jakarta-al00a p_smart_2019 lelandp-l22c_firmware paris-l29b yalep-al10b tony-al00b_firmware yale-al50a paris-al00ic_firmware enterprise_linux_eus enterprise_linux_for_real_time_eus yale-tl00b cornell-al00i_firmware iphone_os florida-l23 sydneym-l21 mate_20_x_firmware atomu-l42 y6_prime_2018 katyusha-al00a alp-al00b_firmware leland-l42c sydney-l21br bla-l29c_firmware android sydneym-al00 figo-l23_firmware enterprise_linux_for_real_time_for_nfv_eus asoka-al00ax_firmware y5_lite_firmware berkeley-tl10 dura-tl00a emily-l29c bla-tl00b_firmware imanager_neteco_firmware y5_2018_firmware honor_8a_firmware sydney-l21_firmware leland-l21a_firmware sydney-tl00_firmware p_smart_2019_firmware dura-tl00a_firmware leland-l21a harry-al10b ares-al10d honor_20_pro_firmware mate_20_x mac_os_x p20 tony-tl00b_firmware nova_lite_3 y5_lite cairogo-l22 sydney-l22br cornell-al00ind_firmware figo-l31 paris-al00ic debian_linux nova_3 laya-al00ep_firmware leland-l42c_firmware atomu-l42_firmware honor_8a enterprise_linux_for_real_time cornell-l29a dura-al00a_firmware florida-l21_firmware laya-al00ep princeton-al10d_firmware y6_2019 honor_view_20_firmware paris-l21b_firmware nova_5i_pro sydneym-l22_firmware ever-l29b columbia-l29d cornell-tl10b_firmware columbia-al10b dubai-al00a_firmware florida-l22 madrid-tl00a_firmware jakarta-al00a_firmware p20_firmware sydney-l22_firmware imanager_neteco_6000_firmware p20_pro madrid-al00a_firmware figo-tl10b yale-l61c cornell-al10ind charlotte-l29c_firmware yale-al00a_firmware mate_20_firmware princeton-al10b leland-l32c watchos columbia-al10i_firmware ares-al00b_firmware dura-al00a enterprise_linux_server_tus florida-tl10b_firmware nova_3_firmware ubuntu_linux charlotte-l29c columbia-l29d_firmware yalep-al10b_firmware sydney-l21 columbia-al10i cornell-al00ind leland-l32a ares-tl00c lelandp-al10d emily-l29c_firmware enterprise_linux_tus honor_20 lelandp-l22c figo-l23 potter-al00c ares-al10d_firmware atomu-l41_firmware johnson-tl00f paris-l29b_firmware barca-al00 leap tony-tl00b p30_pro lelandp-al00c london-al40ind_firmware potter-al00c_firmware enterprise_linux yale-al50a_firmware hima-l29c_firmware y7_2019_firmware princeton-tl10c_firmware yale-tl00b_firmware yale-l21a_firmware p30_firmware princeton-al10b_firmware yale-l61c_firmware leland-l42a florida-l23_firmware cairogo-l22_firmware sydneym-l21_firmware mate_20 sydneym-l01 sydneym-l22 lelandp-l22a leland-l42a_firmware sydney-al00_firmware berkeley-al20_firmware lelandp-l22d paris-l21meb_firmware mrg_realtime atomu-l41 sydneym-l23 johnson-tl00d bla-al00b yale-l21a nova_lite_3_firmware lelandp-l22d_firmware berkeley-l09 harry-tl00c enterprise_linux_aus leland-tl10b_firmware cornell-al10ind_firmware princeton-al10d madrid-al00a berkeley-tl10_firmware sydneym-al00_firmware p30 p_smart cornell-l29a_firmware lelandp-al10b_firmware figo-l31_firmware y6_prime_2018_firmware mate_20_pro_firmware leland-tl10c leland-l31a neo-al00d BR/EDR

CWE ID-CWE-310

Not Available

CWE ID-CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CVE-2019-12587

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs