CVE-2016-5057 - Vulnerability Details - OpenCVE

ReportizFlow

OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Osram	Lightify Pro

Configuration 1 [-]

cpe:2.3:a:osram:lightify_pro:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2017-04-10T03:00:00

Updated: 2024-08-06T00:46:40.248Z

Reserved: 2016-05-26T00:00:00

Link: CVE-2016-5057

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-10T03:59:01.483

Modified: 2024-11-21T02:53:33.093

Link: CVE-2016-5057

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26", "vendor": "n/a", "versions": [{"status": "affected", "version": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"}]}], "datePublic": "2017-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."}], "problemTypes": [{"descriptions": [{"description": "Lack of SSL Pinning", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-10T02:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2016-5057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26", "version": {"version_data": [{"version_value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Lack of SSL Pinning"}]}]}, "references": {"reference_data": [{"name": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059", "refsource": "MISC", "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:46:40.248Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-5057", "datePublished": "2017-04-10T03:00:00", "dateReserved": "2016-05-26T00:00:00", "dateUpdated": "2024-08-06T00:46:40.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:osram:lightify_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AA41DB5-4F79-4A3C-986E-00F2FC786542", "versionEndIncluding": "-", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning."}, {"lang": "es", "value": "OSRAM SYLVANIA Osram Lightify Pro hasta la versi\u00f3n 26-07-2016 no utiliza fijaci\u00f3n SSL."}], "id": "CVE-2016-5057", "lastModified": "2024-11-21T02:53:33.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2017-04-10T03:59:01.483", "references": [{"source": "[email protected]", "tags": ["Exploit", "Mitigation", "Technical Description", "Third Party Advisory"], "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Technical Description", "Third Party Advisory"], "url": "https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "[email protected]", "type": "Primary"}]}