{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-08-22T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"name": "VU#458007", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/458007"}, {"name": "61169", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61169"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4877", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kb.cert.org/vuls/id/BLUU-997M5B", "refsource": "MISC", "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"name": "VU#458007", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/458007"}, {"name": "61169", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61169"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4877", "datePublished": "2013-07-18T14:00:00", "dateReserved": "2013-07-18T00:00:00", "dateUpdated": "2013-08-22T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-2u01:*:*:*:*:*:*:*", "matchCriteriaId": "D36CAEBA-1928-4DD0-B5DC-7A05B4C4FED7", "vulnerable": true}, {"criteria": "cpe:2.3:h:verizon:wireless_network_extender:scs-26uc4:*:*:*:*:*:*:*", "matchCriteriaId": "2FF92731-EC8B-41F9-95BE-238B61F19EA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets."}, {"lang": "es", "value": "El Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 no utiliza autenticaci\u00f3n CAVE, haciendo m\u00e1s f\u00e1cil para atacantes remotos obtener valores ESN y MIN desde tel\u00e9fonos arbitrarios, y llevar a cabo ataques de clonaci\u00f3n mediante la captura de paquetes."}], "id": "CVE-2013-4877", "lastModified": "2013-08-22T06:54:39.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-18T16:51:40.403", "references": [{"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/458007"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/BLUU-997M5B"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/61169"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}