Vulnerability CVE-2016-5672


Published: 2016-07-31   Modified: 2016-08-01

Description:
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Intel Crosswalk Project Man-In-The-Middle
Anon
30.07.2016

Type:

CWE-310

(Cryptographic Issues)

Vendor: Intel
Product: Crosswalk 
Version: 19.49.514.4;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://packetstormsecurity.com/files/138107/Intel-Crosswalk-Project-Man-In-The-Middle.html
http://www.kb.cert.org/vuls/id/217871
http://www.securityfocus.com/archive/1/539051/100/0/threaded
http://www.securityfocus.com/bid/92199
https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/
https://crosswalk-project.org/jira/browse/XWALK-6986
https://lists.crosswalk-project.org/pipermail/crosswalk-help/2016-July/002167.html
https://wwws.nightwatchcybersecurity.com/2016/07/29/advisory-intel-crosswalk-ssl-prompt-issue

Related CVE
CVE-2019-11129
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11128
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11127
Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11126
Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11125
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11124
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11123
Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11119
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Copyright 2019, cxsecurity.com

 

Back to Top