ID

VAR-202407-2625


CVE

CVE-2019-20469


TITLE

One2Track 2019-12-08 Information Disclosure

Trust: 0.1

sources: PACKETSTORM: 179818

DESCRIPTION

An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.

[VulnerabilityType Other]
Voice conversations leaked to physical attackers.

[Vendor of Product]
One2Track

[Affected Product Code Base]
one2track - up-to-date version as of 12-8-2019 (no exact version number)

[Affected Component]
Local smartwatch storage

[Attack Type]
Physical

[Impact Information Disclosure]
true

[Attack Vectors]
An attacker must physically have access to the One2track software. Once this access has been obtained, audio messages sent to the smartwatch can be retrieved from the local storage.

[Has vendor confirmed or acknowledged the vulnerability?]
true

[Discoverer]
Dennis van Warmerdam, Jasper Nota, Jim Blankendaal

[Reference]
https://www.one2track.nl

Use CVE-2019-20469

Trust: 0.99

sources: NVD: CVE-2019-20469 // PACKETSTORM: 179818

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-20469
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-20469
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2019-20469

PROBLEMTYPE DATA

problemtype:CWE-922

Trust: 1.0

sources: NVD: CVE-2019-20469

TYPE

info disclosure

Trust: 0.1

sources: PACKETSTORM: 179818

EXTERNAL IDS

db: NVD, id: CVE-2019-20469

Trust: 1.2

db: OTHER, id: NONE

Trust: 0.1

db: PACKETSTORM, id: 179818

Trust: 0.1

sources: OTHER: None // PACKETSTORM: 179818 // NVD: CVE-2019-20469

REFERENCES

url:https://www.one2track.nl

Trust: 1.1

url:https://seclists.org/fulldisclosure/2024/jul/14

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-20469

Trust: 0.1

sources: PACKETSTORM: 179818 // NVD: CVE-2019-20469

CREDITS

Willem Westerhof | Secura

Trust: 0.1

sources: OTHER: None

SOURCES

db: OTHER, id: -
db: PACKETSTORM, id: 179818
db: NVD, id: CVE-2019-20469

LAST UPDATE DATE

2025-01-30T21:07:41.872000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2019-20469, date: 2024-11-08T19:01:03.880

SOURCES RELEASE DATE

db: OTHER, id: -, date: 2024-07-26T13:11:06
db: PACKETSTORM, id: 179818, date: 2024-07-30T12:35:43
db: NVD, id: CVE-2019-20469, date: 2024-11-07T21:15:05.540