CVE-2016-1518 - OpenCVE

The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Grandstream	Wave

Configuration 1 [-]

cpe:2.3:a:grandstream:wave:*:*:*:*:*:android:*:*

References

Link	Resource
http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/537818/100/0/threaded
https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-04-21T20:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2016-01-07T00:00:00

Link: CVE-2016-1518

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-21T20:59:00.337

Modified: 2018-10-09T19:59:10.193

Link: CVE-2016-1518

JSON object: View

Redhat Information

No data.

CWE

CWE-284

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-16T00:00:00", "descriptions": [{"lang": "en", "value": "The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf"}, {"name": "20160317 CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/537818/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-1518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf", "refsource": "MISC", "url": "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf"}, {"name": "20160317 CVE-2016-1518: GrandStream Android VoIP Phone / App Provisioning Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537818/100/0/threaded"}, {"name": "http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-1518", "datePublished": "2017-04-21T20:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:grandstream:wave:*:*:*:*:*:android:*:*", "matchCriteriaId": "DB62B04C-CA05-45D5-ABBB-7C9F19BB489A", "versionEndIncluding": "1.0.1.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/."}, {"lang": "es", "value": "El mecanismo de aprovisionamiento autom\u00e1tico en la Grandstream Wave app 1.0.1.26 y versiones anteriores para Android y tel\u00e9fonos Grandstream Video IP permite a atacantes man-in-the-middle suplantar los datos de aprovisionamiento y, en consecuencia, modificar la funcionalidad del dispositivo, obtener informaci\u00f3n sensible de los registros del sistema y otro impacto no especificado aprovechando el fallo de no utilizar una sesi\u00f3n HTTPS para descargar archivos de configuraci\u00f3n desde http://fm.grandstream.com/gs/."}], "id": "CVE-2016-1518", "lastModified": "2018-10-09T19:59:10.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-21T20:59:00.337", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/136280/Grandstream-Wave-1.0.1.26-Man-In-The-Middle.html"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/537818/100/0/threaded"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://rt-solutions.de/wp-content/uploads/2016/04/CVE-2016-1518-insecure-provisioning.pdf"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}