A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely).
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 12 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Firewalla
Firewalla box Software |
|
CPEs | cpe:2.3:a:firewalla:box_software:*:*:*:*:*:*:*:* | |
Vendors & Products |
Firewalla
Firewalla box Software |
|
Metrics |
ssvc
|
Mon, 12 Aug 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to the LAN, they could log into the SSH interface using the provisioned credentials. The license UUID can be acquired through plain-text Bluetooth sniffing, reading the QR code on the bottom of the device, or brute-forcing the UUID (though this is less likely). | |
Title | Firewalla BTLE Weak Credentials | |
Weaknesses | CWE-1391 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-08-12T18:32:02.469Z
Updated: 2024-08-21T17:13:00.297Z
Reserved: 2024-07-11T17:35:29.595Z
Link: CVE-2024-40892
Vulnrichment
Updated: 2024-08-12T19:26:14.547Z
NVD
Status : Awaiting Analysis
Published: 2024-08-12T19:15:16.403
Modified: 2024-08-21T18:15:09.710
Link: CVE-2024-40892
Redhat
No data.