2.6

CVE-2013-4877

EPSS 0.9%
Veröffentlicht 18.07.2013 16:51:40
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Verizon ≫ Wireless Network Extender Versionscs-2u01

Verizon ≫ Wireless Network Extender Versionscs-26uc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.748

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	1.9	4.9	AV:L/AC:H/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.kb.cert.org/vuls/id/458007

US Government Resource

http://www.kb.cert.org/vuls/id/BLUU-997M5B

US Government Resource

http://www.securityfocus.com/bid/61169

https://nvd.nist.gov/vuln/detail/CVE-2013-4877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4877

EUVD