ABUS Secvest v3.01.01 RFID Clone cryptographic issue

CVSS Meta Temp Score
CVSS is a standardized scoring system to determine possibilities of attacks. The Temp Score considers temporal factors like disclosure, exploit and countermeasures. The unique Meta Score calculates the average score of different sources to provide a normalized scoring system.
Current Exploit Price (≈)
Our analysts are monitoring exploit markets and are in contact with vulnerability brokers. The range indicates the observed or calculated exploit price to be seen on exploit markets. A good indicator to understand the monetary effort required for and the popularity of an attack.
CTI Interest Score
Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
6.4$0-$5k0.00

Summaryinfo

A vulnerability has been found in ABUS Secvest v3.01.01 and classified as critical. This affects an unknown part of the component RFID. This manipulation causes cryptographic issue (Clone). The identification of this vulnerability is CVE-2019-9861. The attack can only be executed locally. Furthermore, there is an exploit available.

Detailsinfo

A vulnerability classified as critical was found in ABUS Secvest v3.01.01. Affected by this vulnerability is an unknown part of the component RFID. The manipulation with an unknown input leads to a cryptographic issue vulnerability (Clone). The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way.

The bug was discovered 05/02/2019. The weakness was shared 05/02/2016 by Gerhard Klostermeier as [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310) as not defined mailinglist post (Full-Disclosure). The advisory is shared at seclists.org. This vulnerability is known as CVE-2019-9861 since 03/18/2019. An attack has to be approached locally. The exploitation doesn't need any form of authentication. Technical details are unknown but a private exploit is available. MITRE ATT&CK project uses the attack technique T1600 for this issue. The advisory points out:

SySS GmbH found out that the RFID technology used by the ABUS Secvest wireless alarm system and its ABUS proximity keys (MIFARE Classic RFID tags) is vulnerable to RFID cloning attacks. The information stored on the used proximity keys can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools. Thus, an attacker with one-time access to the information of an ABUS proximity key for an ABUS Secvest wireless alarm system is able to create a rogue RFID token that can be used to deactivate the alarm system in an unauthorized manner.

A private exploit has been developed by Gerhard Klostermeier. It is declared as proof-of-concept. The advisory illustrates:

SySS GmbH could successfully clone ABUS proximity keys of an ABUS Secvest wireless alarm system using different freely available off-the-shelf tools like an Android smartphone with the Mifare Classic Tool (MCT), a ChameleonMini, and an RFID/NFC reader/writer and disarm the wireless alarm system in an unauthorized way. All three RFID cloning attacks are demonstrated in our SySS proof-of-concept video "ABUS Secvest Proximity Key Cloning PoC Attack".

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

Name

Version

CPE 2.3info

CPE 2.2info

CVSSv4info

VulDB Vector: 🔍
VulDB Reliability: 🔍

CVSSv3info

VulDB Meta Base Score: 7.0
VulDB Meta Temp Score: 6.7

VulDB Base Score: 5.9
VulDB Temp Score: 5.4
VulDB Vector: 🔍
VulDB Reliability: 🔍

NVD Base Score: 8.1
NVD Vector: 🔍

CVSSv2info

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock
UnlockUnlockUnlockUnlockUnlockUnlock

VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍

NVD Base Score: 🔍

Exploitinginfo

Name: Clone
Class: Cryptographic issue / Clone
CWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍

Physical: Partially
Local: Yes
Remote: Partially

Availability: 🔍
Access: Private
Status: Proof-of-Concept
Author: Gerhard Klostermeier

EPSS Score: 🔍
EPSS Percentile: 🔍

Price Prediction: 🔍
Current Price Estimation: 🔍

0-DayUnlockUnlockUnlockUnlock
TodayUnlockUnlockUnlockUnlock

Threat Intelligenceinfo

Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍

Countermeasuresinfo

Recommended: no mitigation known
Status: 🔍

0-Day Time: 🔍

Timelineinfo

05/02/2016 🔍
03/15/2019 +1047 days 🔍
03/18/2019 +3 days 🔍
05/02/2019 +45 days 🔍
05/06/2019 +4 days 🔍
06/07/2020 +398 days 🔍

Sourcesinfo

Advisory: [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)
Researcher: Gerhard Klostermeier
Status: Not defined

CVE: CVE-2019-9861 (🔍)
GCVE (CVE): GCVE-0-2019-9861
GCVE (VulDB): GCVE-100-134389
scip Labs: https://www.scip.ch/en/?labs.20161013

Entryinfo

Created: 05/06/2019 16:04
Updated: 06/07/2020 08:38
Changes: 05/06/2019 16:04 (63), 06/07/2020 08:38 (3)
Complete: 🔍
Cache ID: 216::103

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion

No comments yet. Languages: en.

Please log in to comment.

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!