ID

VAR-202001-1350


CVE

CVE-2014-5380


TITLE

Grand MA 300 Vulnerable to sending important information in the clear

Trust: 0.8

sources: JVNDB: JVNDB-2014-008816

DESCRIPTION

Grand MA 300 allows retrieval of the access PIN from sniffed data. Grand MA 300 contains a vulnerability in sending sensitive information in the clear. Information may be obtained. The Grand MA 300 has a security hole in which the program fails to encrypt the PIN in network and Wiegand communication, allowing an attacker to sniff sensitive information and brute-force the PIN. Attackers can exploit these issues to disclose the access PIN by sniffing network traffic or perform brute-force attacks on the PIN to gain unauthorized access. This may aid in other attacks.

Trust: 2.43

sources: NVD: CVE-2014-5380 // JVNDB: JVNDB-2014-008816 // CNVD: CNVD-2014-05306 // BID: 69390

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05306

AFFECTED PRODUCTS

vendor: granding model: grand ma300 scope: eq version: 6.60

Trust: 1.0

vendor: granding model: grand ma 300 scope: - version: -

Trust: 0.8

vendor: granding model: grand ma 300/id with scope: eq version: 6.60

Trust: 0.6

sources: CNVD: CNVD-2014-05306 // JVNDB: JVNDB-2014-008816 // NVD: CVE-2014-5380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5380
value: HIGH

Trust: 1.0

NVD: CVE-2014-5380
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05306
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-413
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2014-5380
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-05306
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-5380
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2014-5380
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2014-05306 // JVNDB: JVNDB-2014-008816 // CNNVD: CNNVD-202001-413 // NVD: CVE-2014-5380

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.8

sources: JVNDB: JVNDB-2014-008816 // NVD: CVE-2014-5380

THREAT TYPE

network

Trust: 0.3

sources: BID: 69390

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-413

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008816

PATCH

title: Top Page url: https://www.granding.com/home.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-008816

EXTERNAL IDS

db: NVD id: CVE-2014-5380

Trust: 3.3

db: BID id: 69390

Trust: 2.5

db: PACKETSTORM id: 128003

Trust: 2.4

db: JVNDB id: JVNDB-2014-008816

Trust: 0.8

db: CNVD id: CNVD-2014-05306

Trust: 0.6

db: CNNVD id: CNNVD-202001-413

Trust: 0.6

sources: CNVD: CNVD-2014-05306 // BID: 69390 // JVNDB: JVNDB-2014-008816 // CNNVD: CNNVD-202001-413 // NVD: CVE-2014-5380

REFERENCES

url:http://packetstormsecurity.com/files/128003/grand-ma-300-fingerprint-reader-weak-pin-verification.html

Trust: 2.4

url:http://seclists.org/fulldisclosure/2014/aug/70

Trust: 2.2

url:http://www.securityfocus.com/bid/69390

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/95484

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2014-5380

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5380

Trust: 0.8

sources: CNVD: CNVD-2014-05306 // JVNDB: JVNDB-2014-008816 // CNNVD: CNNVD-202001-413 // NVD: CVE-2014-5380

CREDITS

LSE Leading Security Experts GmbH, Eric Sesterhenn

Trust: 0.3

sources: BID: 69390

SOURCES

db: CNVD id: CNVD-2014-05306
db: BID id: 69390
db: JVNDB id: JVNDB-2014-008816
db: CNNVD id: CNNVD-202001-413
db: NVD id: CVE-2014-5380

LAST UPDATE DATE

2024-11-23T22:05:49.993000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2014-05306 date: 2014-08-29T00:00:00
db: BID id: 69390 date: 2014-08-26T00:00:00
db: JVNDB id: JVNDB-2014-008816 date: 2020-02-06T00:00:00
db: CNNVD id: CNNVD-202001-413 date: 2023-05-25T00:00:00
db: NVD id: CVE-2014-5380 date: 2024-11-21T02:11:56.497

SOURCES RELEASE DATE

db: CNVD id: CNVD-2014-05306 date: 2014-08-29T00:00:00
db: BID id: 69390 date: 2014-08-26T00:00:00
db: JVNDB id: JVNDB-2014-008816 date: 2020-02-06T00:00:00
db: CNNVD id: CNNVD-202001-413 date: 2020-01-13T00:00:00
db: NVD id: CVE-2014-5380 date: 2020-01-13T13:15:11.973