CVE-2019-18659

The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://dl.acm.org/citation.cfm?id=3326082	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ready:wireless_emergency_alerts:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-02 01:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-18659

Mitre link : CVE-2019-18659

CVE.ORG link : CVE-2019-18659

JSON object : View

Products Affected

ready

wireless_emergency_alerts

CWE

CWE-290

Authentication Bypass by Spoofing

{"id": "CVE-2019-18659", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-11-02T01:15:10.630", "references": [{"url": "https://dl.acm.org/citation.cfm?id=3326082", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "The Wireless Emergency Alerts (WEA) protocol allows remote attackers to spoof a Presidential Alert because cryptographic authentication is not used, as demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). NOTE: testing inside an RF-isolated shield box suggested that all LTE phones are affected by design (e.g., use of Android versus iOS does not matter); testing in an open RF environment is, of course, contraindicated."}, {"lang": "es", "value": "El protocolo Wireless Emergency Alerts (WEA) permite a atacantes remotos falsificar una Alerta Presidencial porque no es usada la autenticaci\u00f3n criptogr\u00e1fica, como es demostrado por MessageIdentifier 4370 en LTE System Information Block 12 (tambi\u00e9n se conoce como SIB12). NOTA: las pruebas dentro de una caja de protecci\u00f3n aislada para RF sugirieron que todos los tel\u00e9fonos LTE est\u00e1n afectados por dise\u00f1o (por ejemplo, el uso de Android versus iOS no importa); Las pruebas en un entorno abierto de RF est\u00e1n, por supuesto, contraindicadas."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ready:wireless_emergency_alerts:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A702AE-5B80-4336-BC6A-97CBE295490E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}