CVE-2023-1385 - OpenCVE

Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Amazon	Fire Tv Stick 3rd Gen Fire Os
Bestbuy	Insignia Tv

Configuration 1 [-]

AND

cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*

cpe:2.3:h:amazon:fire_tv_stick_3rd_gen:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*

cpe:2.3:h:bestbuy:insignia_tv:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-05-03T12:33:31.872Z

Updated: 2023-05-03T12:33:31.872Z

Reserved: 2023-03-14T09:59:35.119Z

Link: CVE-2023-1385

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-03T13:15:10.290

Modified: 2023-05-12T16:07:46.433

Link: CVE-2023-1385

JSON object: View

Redhat Information

No data.

CWE

CWE-330

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-1385", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2023-03-14T09:59:35.119Z", "datePublished": "2023-05-03T12:33:31.872Z", "dateUpdated": "2023-05-03T12:33:31.872Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fire TV Stick 3rd gen", "vendor": "Amazon", "versions": [{"status": "affected", "version": "6.2.9.4"}]}, {"defaultStatus": "unaffected", "product": "TV with FireOS ", "vendor": "Insignia", "versions": [{"status": "affected", "version": "7.6.3.2"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bitdefender IoT Research Team"}], "datePublic": "2023-05-02T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.<br><br>This issue affects:<br><br>Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.<br>Insignia TV with FireOS 7.6.3.3."}], "value": "Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen\u00a0versions prior to 6.2.9.5.\nInsignia TV with FireOS\u00a07.6.3.3."}], "impacts": [{"capecId": "CAPEC-112", "descriptions": [{"lang": "en", "value": "CAPEC-112 Brute Force"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2023-05-03T12:33:31.872Z"}, "references": [{"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An automatic firmware update to the following versions fixes the issue:<br><br>Amazon Fire TV Stick 3rd gen version 6.2.9.5<br>Insignia TV with FireOS version 7.6.3.3<br>"}], "value": "An automatic firmware update to the following versions fixes the issue:\n\nAmazon Fire TV Stick 3rd gen version 6.2.9.5\nInsignia TV with FireOS version 7.6.3.3\n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "155C81F2-B65A-49BB-8546-C4BAD0E15709", "versionEndExcluding": "6.2.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:amazon:fire_tv_stick_3rd_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "B9D6A7B7-D971-4EBE-9749-C80AF6A6F0D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:amazon:fire_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "020E0ED7-C54D-438F-B2A0-A6471400479E", "versionEndExcluding": "7.6.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bestbuy:insignia_tv:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4942064-0B54-4FEA-96E1-9B5ED7CC8E96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen\u00a0versions prior to 6.2.9.5.\nInsignia TV with FireOS\u00a07.6.3.3."}], "id": "CVE-2023-1385", "lastModified": "2023-05-12T16:07:46.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2023-05-03T13:15:10.290", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}