CVE-2016-2398 — MEDIUM (6.5)

Vulnerability Description

Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Comcast	Xfinity Home Security System	All versions

Related Weaknesses (CWE)

CWE-254

References

http://www.kb.cert.org/vuls/id/418072Third Party AdvisoryUS Government Resource
http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieve
https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcas
http://www.kb.cert.org/vuls/id/418072Third Party AdvisoryUS Government Resource
http://www.wired.com/2016/01/xfinitys-security-system-flaws-open-homes-to-thieve
https://community.rapid7.com/community/infosec/blog/2016/01/05/r7-2015-23-comcas

FAQ

What is CVE-2016-2398?

CVE-2016-2398 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GH...

How severe is CVE-2016-2398?

CVE-2016-2398 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2398?

Check the references section above for vendor advisories and patch information. Affected products include: Comcast Xfinity Home Security System.