PT-2019-15236 · Yale · Yale Bluetooth Key Application+1

Light

Published

2019-10-16

Updated

2019-10-18

CVE-2019-17627

CVSS v2.0

3.3

Low

Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Yale Bluetooth Key application (affected versions not specified) Yale ZEN-R lock (affected versions not specified)

Description The issue allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request.

Recommendations For the Yale Bluetooth Key application, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For the Yale ZEN-R lock, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-17627

Affected Products

Yale Bluetooth Key Application

Yale Zen-R Lock

PT-2019-15236 · Yale · Yale Bluetooth Key Application+1

CVE-2019-17627

Weakness Enumeration

Related Identifiers

Affected Products

References · 2