Vulnerability-Lookup

CVE-2018-8117 (GCVE-0-2018-8117)

Vulnerability from cvelistv5 – Published: 2018-04-12 01:00 – Updated: 2024-08-05 06:46

Summary

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850.

Severity ?

No CVSS data available.

CWE

Security Feature Bypass

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/103711	vdb-entryx_refsource_BID
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Wireless Keyboard 850	Affected: Microsoft Wireless Keyboard 850

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103711",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103711"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Wireless Keyboard 850",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Microsoft Wireless Keyboard 850"
            }
          ]
        }
      ],
      "datePublic": "2018-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-12T09:57:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "103711",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103711"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8117",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Wireless Keyboard 850",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Microsoft Wireless Keyboard 850"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103711",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103711"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8117",
    "datePublished": "2018-04-12T01:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C079075-5825-4B0E-BDBC-151E6692DD8B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \\\"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\\\" This affects Microsoft Wireless Keyboard 850.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de omisi\\u00f3n de la caracter\\u00edstica de seguridad en Microsoft Wireless Keyboard 850, lo que podr\\u00eda permitir que un atacante reutilice una clave de cifrado AES para enviar las pulsaciones de teclado de otros teclados o leer las pulsaciones enviadas por otros teclados a los dispositivos afectados. Esto tambi\\u00e9n se conoce como \\\"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability\\\". Esto afecta a Microsoft Wireless Keyboard 850.\"}]",
      "id": "CVE-2018-8117",
      "lastModified": "2024-11-21T04:13:17.787",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:M/Au:N/C:C/I:C/A:N\", \"baseScore\": 7.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 5.5, \"impactScore\": 9.2, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-04-12T01:29:11.923",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/103711\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/103711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8117\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-04-12T01:29:11.923\",\"lastModified\":\"2024-11-21T04:13:17.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \\\"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\\\" This affects Microsoft Wireless Keyboard 850.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Microsoft Wireless Keyboard 850, lo que podr\u00eda permitir que un atacante reutilice una clave de cifrado AES para enviar las pulsaciones de teclado de otros teclados o leer las pulsaciones enviadas por otros teclados a los dispositivos afectados. Esto tambi\u00e9n se conoce como \\\"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability\\\". Esto afecta a Microsoft Wireless Keyboard 850.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:C/I:C/A:N\",\"baseScore\":7.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":5.5,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C079075-5825-4B0E-BDBC-151E6692DD8B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/103711\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-181

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.7 Preview
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.6.6
Microsoft	N/A	Microsoft Wireless Keyboard 850
Microsoft	N/A	Microsoft Visual Studio 2010 Service Pack 1
Microsoft	N/A	Microsoft Visual Studio 2013 Update 5
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Microsoft Visual Studio 2012 Update 5

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 avril 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Visual Studio 2017 Version 15.7 Preview",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Keyboard 850",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2012 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8117"
    },
    {
      "name": "CVE-2018-0980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0980"
    },
    {
      "name": "CVE-2018-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0993"
    },
    {
      "name": "CVE-2018-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0979"
    },
    {
      "name": "CVE-2018-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1019"
    },
    {
      "name": "CVE-2018-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0990"
    },
    {
      "name": "CVE-2018-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0994"
    },
    {
      "name": "CVE-2018-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0995"
    },
    {
      "name": "CVE-2018-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1037"
    },
    {
      "name": "CVE-2018-1023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-181",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune ex\u00e9cution de code \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 avril 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-181

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.7 Preview
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Visual Studio 2017 Version 15.6.6
Microsoft	N/A	Microsoft Wireless Keyboard 850
Microsoft	N/A	Microsoft Visual Studio 2010 Service Pack 1
Microsoft	N/A	Microsoft Visual Studio 2013 Update 5
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Microsoft Visual Studio 2012 Update 5

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 avril 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Visual Studio 2017 Version 15.7 Preview",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Keyboard 850",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2012 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8117"
    },
    {
      "name": "CVE-2018-0980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0980"
    },
    {
      "name": "CVE-2018-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0993"
    },
    {
      "name": "CVE-2018-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0979"
    },
    {
      "name": "CVE-2018-1019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1019"
    },
    {
      "name": "CVE-2018-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0990"
    },
    {
      "name": "CVE-2018-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0994"
    },
    {
      "name": "CVE-2018-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0995"
    },
    {
      "name": "CVE-2018-1037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1037"
    },
    {
      "name": "CVE-2018-1023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-181",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune ex\u00e9cution de code \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 avril 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GSD-2018-8117

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8117

Aliases

CVE-2018-8117

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8117",
    "description": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850.",
    "id": "GSD-2018-8117"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8117"
      ],
      "details": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850.",
      "id": "GSD-2018-8117",
      "modified": "2023-12-13T01:22:34.254963Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8117",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Wireless Keyboard 850",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Microsoft Wireless Keyboard 850"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Feature Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "103711",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103711"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8117"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
            },
            {
              "name": "103711",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/103711"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-04-12T01:29Z"
    }
  }
}

GHSA-3M6P-3RC3-W9WF

Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8117"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-12T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850.",
  "id": "GHSA-3m6p-3rc3-w9wf",
  "modified": "2022-05-13T01:53:31Z",
  "published": "2022-05-13T01:53:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8117"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103711"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201804-1515

Vulnerability from variot - Updated: 2023-12-18 12:36

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-1515",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wireless keyboard 850",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "wireless keyboard 850",
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "wireless keyboard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "8500"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "103711"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-8117",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.5,
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-8117",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.5,
            "id": "VHN-138149",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:C/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-8117",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-8117",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201804-619",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-138149",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-8117",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103711",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-138149",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "id": "VAR-201804-1515",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:36:51.363000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2018-8117 | Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8117"
      },
      {
        "title": "CVE-2018-8117 | Microsoft Wireless Keyboard 850 \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd\u306e\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2018-8117"
      },
      {
        "title": "Microsoft Wireless Keyboard 850 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83360"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-310",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8117"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103711"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8117"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20180411-ms.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2018/at180016.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8117"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "db": "BID",
        "id": "103711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "date": "2018-04-10T00:00:00",
        "db": "BID",
        "id": "103711"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "date": "2018-04-12T01:29:11.923000",
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-138149"
      },
      {
        "date": "2018-04-10T00:00:00",
        "db": "BID",
        "id": "103711"
      },
      {
        "date": "2018-05-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-8117"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Wireless Keyboard 850 Vulnerabilities that bypass security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-003532"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201804-619"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-8117

Vulnerability from fkie_nvd - Published: 2018-04-12 01:29 - Updated: 2024-11-21 04:13

Severity ?

6.8 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/103711	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103711	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	wireless_keyboard_850	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:microsoft:wireless_keyboard_850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C079075-5825-4B0E-BDBC-151E6692DD8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability.\" This affects Microsoft Wireless Keyboard 850."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Microsoft Wireless Keyboard 850, lo que podr\u00eda permitir que un atacante reutilice una clave de cifrado AES para enviar las pulsaciones de teclado de otros teclados o leer las pulsaciones enviadas por otros teclados a los dispositivos afectados. Esto tambi\u00e9n se conoce como \"Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability\". Esto afecta a Microsoft Wireless Keyboard 850."
    }
  ],
  "id": "CVE-2018-8117",
  "lastModified": "2024-11-21T04:13:17.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-12T01:29:11.923",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103711"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-09631

Vulnerability from cnvd - Published: 2018-05-16

Title

Microsoft Wireless Keyboard 850安全功能绕过漏洞

Description

Microsoft Windows是一款流行的操作系统。 Microsoft Wireless Keyboard 850在实现上存在安全功能绕过漏洞，允许本地攻击者利用漏洞提交特殊的请求，重利用AES密钥获取键盘输入信息。

Severity

低

Patch Name

Microsoft Wireless Keyboard 850安全功能绕过漏洞的补丁

Patch Description

Microsoft Windows是一款流行的操作系统。 Microsoft Wireless Keyboard 850在实现上存在安全功能绕过漏洞，允许本地攻击者利用漏洞提交特殊的请求，重利用AES密钥获取键盘输入信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://portal.msrc.microsoft.com/zh-cn/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-8117

Impacted products

Name
Microsoft Wireless Keyboard 850 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103711"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8117",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8117"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Wireless Keyboard 850\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u91cd\u5229\u7528AES\u5bc6\u94a5\u83b7\u53d6\u952e\u76d8\u8f93\u5165\u4fe1\u606f\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-cn/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09631",
  "openTime": "2018-05-16",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u6b3e\u6d41\u884c\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nMicrosoft Wireless Keyboard 850\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u91cd\u5229\u7528AES\u5bc6\u94a5\u83b7\u53d6\u952e\u76d8\u8f93\u5165\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Wireless Keyboard 850\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Wireless Keyboard 850 0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-8117",
  "serverity": "\u4f4e",
  "submitTime": "2018-04-16",
  "title": "Microsoft Wireless Keyboard 850\u5b89\u5168\u529f\u80fd\u7ed5\u8fc7\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8117 (GCVE-0-2018-8117)

CERTFR-2018-AVI-181

Solution

CERTFR-2018-AVI-181

Solution

GSD-2018-8117

GHSA-3M6P-3RC3-W9WF

VAR-201804-1515

FKIE_CVE-2018-8117

CNVD-2018-09631

Tags

Sightings

Nomenclature