CVE-2017-17436 - OpenCVE

An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vaulteksafe	Vt20i Firmware Vt20i

Configuration 1 [-]

AND

cpe:2.3:o:vaulteksafe:vt20i_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:vaulteksafe:vt20i:-:*:*:*:*:*:*:*

References

Link	Resource
https://vaulteksafe.com/index.php/cve-2017-17435/	Mitigation Vendor Advisory
https://www.twosixlabs.com/bluesteal-popping-gatt-safes/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-07T00:00:00

Updated: 2017-12-12T13:57:01

Reserved: 2017-12-05T00:00:00

Link: CVE-2017-17436

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-12-07T00:29:00.287

Modified: 2017-12-22T15:59:37.883

Link: CVE-2017-17436

JSON object: View

Redhat Information

No data.

CWE

CWE-326

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-12T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17436", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://vaulteksafe.com/index.php/cve-2017-17435/", "refsource": "CONFIRM", "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"name": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/", "refsource": "MISC", "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17436", "datePublished": "2017-12-07T00:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2017-12-12T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vaulteksafe:vt20i_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EDBDB6F-0A1D-41A1-880F-5792AF4D192F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:vaulteksafe:vt20i:-:*:*:*:*:*:*:*", "matchCriteriaId": "86037AA2-62CF-41E7-815D-FDA28558F0E0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with \"Highest Level Bluetooth Encryption\" and \"Data transmissions are secure via AES256 bit encryption.\" These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad en el software en productos Vaultek Gun Safe VT20i. No se cifra la sesi\u00f3n entre la aplicaci\u00f3n de Android y la caja fuerte. Los materiales de marketing as\u00ed como el sitio web anuncian que este canal est\u00e1 cifrado con \"un cifrado Bluetooth del m\u00e1s alto nivel\" y que \"las transmisiones de datos se realizan de forma segura mediante el cifrado de bits AES256\". Sin embargo, estas afirmaciones no son ciertas. Adem\u00e1s, los cifrados de bits AES256 no son compatibles con el est\u00e1ndar Bluetooth de baja energ\u00eda (Bluetooth LE), por lo que tendr\u00eda que serlo a nivel de aplicaci\u00f3n. Esta falta de cifrado permite que un usuario aprenda el c\u00f3digo de acceso espiando las comunicaciones entre la aplicaci\u00f3n y la caja fuerte."}], "id": "CVE-2017-17436", "lastModified": "2017-12-22T15:59:37.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-07T00:29:00.287", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://vaulteksafe.com/index.php/cve-2017-17435/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.twosixlabs.com/bluesteal-popping-gatt-safes/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}