CVE-2017-17860 Information

Description

In Samsung Gear products Bluetooth link key is updated to the different key which is same with attacker’s link key. It can be attacked without user’s intention only if attacker can reveal the Bluetooth address of target device and paired user’s smartphone

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://drive.google.com/open?id=0B5L-0MoH_v7fcGljUS1SYnlkOHM

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.7