CVE-2017-14797

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.

CVSS v3 7.5 HIGH
CVSS v2.0 7.9 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.6 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.9^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 5.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.tiferrei.com/philips-we-need-to-talk

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:philips:hue_bridge_bsb002_firmware:1707040932:*:*:*:*:*:*:*

cpe:2.3:h:philips:hue_bridge_bsb002:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-01 01:29

Updated : 2017-11-21 02:29

NVD link : CVE-2017-14797

Mitre link : CVE-2017-14797

CVE.ORG link : CVE-2017-14797

JSON object : View

Products Affected

philips

hue_bridge_bsb002
hue_bridge_bsb002_firmware

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2017-14797", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2017-10-01T01:29:00.723", "references": [{"url": "https://www.tiferrei.com/philips-we-need-to-talk", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network."}, {"lang": "es", "value": "La ausencia de cifrado en la capa de transporte en la API publica en Philips Hue Bridge BSB002 SW 1707040932 permite que los atacantes remotos lean claves de API (y en consecuencia omitir el mecanismo de protecci\u00f3n pushlink y obtener el control completo de los accesorios conectados) mediante la capacidad para rastrear el tr\u00e1fico HTTP en la intranet local."}], "lastModified": "2017-11-21T02:29:08.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:philips:hue_bridge_bsb002_firmware:1707040932:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32D4FB5F-8B57-436B-991C-F300A9B09B40"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:philips:hue_bridge_bsb002:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A54ECAB-98FB-4E50-B359-C01FB23FE3FC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}