CVE-2013-4877 — LOW (2.6) — White Hats Nepal

Vulnerability Description

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.

CVSS Score

2.6

LOW

AV:L/AC:H/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Verizon	Wireless Network Extender	scs-2u01

Related Weaknesses (CWE)

CWE-287

References

http://www.kb.cert.org/vuls/id/458007US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-997M5BUS Government Resource
http://www.securityfocus.com/bid/61169
http://www.kb.cert.org/vuls/id/458007US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-997M5BUS Government Resource
http://www.securityfocus.com/bid/61169

FAQ

What is CVE-2013-4877?

CVE-2013-4877 is a vulnerability with a CVSS score of 2.6 (LOW). The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduc...

How severe is CVE-2013-4877?

CVE-2013-4877 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4877?

Check the references section above for vendor advisories and patch information. Affected products include: Verizon Wireless Network Extender.