CVE-2016-8501 - OpenCVE

Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Yandex	Yandex Browser

Configuration 1 [-]

OR	cpe:2.3:a:yandex:yandex_browser:15.10.2454.3845:::::::*
	cpe:2.3:a:yandex:yandex_browser:15.12.0.6151:::::::*
	cpe:2.3:a:yandex:yandex_browser:15.12.1.6475:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/93920	Third Party Advisory VDB Entry
https://browser.yandex.com/security/changelogs/	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: yandex

Published: 2016-10-26T18:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-10-07T00:00:00

Link: CVE-2016-8501

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-10-26T18:59:00.173

Modified: 2016-12-02T23:53:07.243

Link: CVE-2016-8501

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "Yandex Browser for desktop Versions from 15.10 to 15.12", "vendor": "n/a", "versions": [{"status": "affected", "version": "Yandex Browser for desktop Versions from 15.10 to 15.12"}]}], "datePublic": "2016-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled."}], "problemTypes": [{"descriptions": [{"description": "Security WiFi bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "a51c9250-e584-488d-808b-03e6f1386796", "shortName": "yandex"}, "references": [{"name": "93920", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93920"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://browser.yandex.com/security/changelogs/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "browser-security@yandex-team.ru", "ID": "CVE-2016-8501", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Yandex Browser for desktop Versions from 15.10 to 15.12", "version": {"version_data": [{"version_value": "Yandex Browser for desktop Versions from 15.10 to 15.12"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Security WiFi bypass"}]}]}, "references": {"reference_data": [{"name": "93920", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93920"}, {"name": "https://browser.yandex.com/security/changelogs/", "refsource": "CONFIRM", "url": "https://browser.yandex.com/security/changelogs/"}]}}}}, "cveMetadata": {"assignerOrgId": "a51c9250-e584-488d-808b-03e6f1386796", "assignerShortName": "yandex", "cveId": "CVE-2016-8501", "datePublished": "2016-10-26T18:00:00", "dateReserved": "2016-10-07T00:00:00", "dateUpdated": "2016-11-25T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yandex:yandex_browser:15.10.2454.3845:*:*:*:*:*:*:*", "matchCriteriaId": "6FAEA553-A29E-4C0D-A27D-D1D8E1C2C2FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex:yandex_browser:15.12.0.6151:*:*:*:*:*:*:*", "matchCriteriaId": "728028D5-E37F-41A2-BDCF-1F700DB1C313", "vulnerable": true}, {"criteria": "cpe:2.3:a:yandex:yandex_browser:15.12.1.6475:*:*:*:*:*:*:*", "matchCriteriaId": "02ADC9FA-45D1-4D84-B330-E60D6FCF3680", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled."}, {"lang": "es", "value": "Elusi\u00f3n de Security WiFi en Yandex Browser en versiones desde 15.10 hasta 15.12 permite a atacantes remotos espiar el tr\u00e1fico en redes Wi-Fi abiertas o protegidas por WEP a pesar de que los mecanismos especiales de seguridad est\u00e9n activos."}], "id": "CVE-2016-8501", "lastModified": "2016-12-02T23:53:07.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-26T18:59:00.173", "references": [{"source": "browser-security@yandex-team.ru", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93920"}, {"source": "browser-security@yandex-team.ru", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://browser.yandex.com/security/changelogs/"}], "sourceIdentifier": "browser-security@yandex-team.ru", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}