Vulnerability CVE-2017-13105

Vulnerability CVE-2017-13105

Published: 2018-08-15 Modified: 2018-08-16

Description:

Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker.

Type:

CWE-295

(Certificate Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Hisecuritylab -> Virus cleaner

References:

https://www.kb.cert.org/vuls/id/787952

Copyright 2024, cxsecurity.com