CVE: CVE-2016-2398 - CVE-Search

CVE Details for CVE: CVE-2016-2398

Summary

Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.

Timestamps
Last major update	04-03-2016 - 14:40
Published	17-02-2016 - 16:59
Last modified	04-03-2016 - 14:40

References

Vulnerable Configurations

cpe:2.3:o:comcast:xfinity_home_security_system:*:*:*:*:*:*:*:*
cpe:2.3:o:comcast:xfinity_home_security_system:*:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-254

CVSS

Base

3.3

Impact

2.9

Exploitability

6.5

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

CVSS3

Base

6.5

Impact

3.6

Exploitability

2.8

Access

Attack Complexity	Attack vector	Privileges Required	Scope	User Interaction
LOW	ADJACENT_NETWORK	NONE	UNCHANGED	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	HIGH

VIA4 references

cvss-vector via4

AV:A/AC:L/Au:N/C:N/I:N/A:P

cvss3-vector via4

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

refmap via4

cert-vn	VU#418072
misc	http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieves/ https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcast-xfinity-home-security-system-insecure-fail-open