CVE-2022-46480

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

I

ncorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.

References

Link	Resource
https://arxiv.org/abs/2312.00021
https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent	Exploit Technical Description Third Party Advisory
https://arxiv.org/abs/2312.00021
https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*

cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type	Values Removed	Values Added
References	~~() https://arxiv.org/abs/2312.00021 -~~	() https://arxiv.org/abs/2312.00021 -
References	() https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent - Exploit, Technical Description, Third Party Advisory	() https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent - Exploit, Technical Description, Third Party Advisory

Information

Published : 2023-12-05 00:15

Updated : 2024-11-21 07:30

NVD link : CVE-2022-46480

Mitre link : CVE-2022-46480

CVE.ORG link : CVE-2022-46480

JSON object : View

Products Affected

CWE

CWE-294

Authentication Bypass by Capture-replay

CWE-384

Session Fixation

{"id": "CVE-2022-46480", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-12-05T00:15:07.460", "references": [{"url": "https://arxiv.org/abs/2312.00021", "source": "[email protected]"}, {"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://arxiv.org/abs/2312.00021", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.researchgate.net/publication/375759408_Technical_Report_-_CVE-2022-46480_CVE-2023-26941_CVE-2023-26942_and_CVE-2023-26943#fullTextFileContent", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range."}, {"lang": "es", "value": "La gesti\u00f3n de sesi\u00f3n incorrecta y la reutilizaci\u00f3n de credenciales en la pila Bluetooth LE del firmware de bloqueo inteligente Ultraloq UL3 de segunda generaci\u00f3n 02.27.0012 permiten a un atacante detectar el c\u00f3digo de desbloqueo y desbloquear el dispositivo mientras se encuentra dentro del alcance de Bluetooth."}], "lastModified": "2024-11-21T07:30:37.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:u-tec:ultraloq_ul3_bt_firmware:02.27.0012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA191DAF-E479-4B8D-99BF-2AC6147C4490"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:u-tec:ultraloq_ul3_bt:2nd_gen:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF2D1265-D7A7-4F4D-B0BC-DE788C2163A6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}