Vulnerability CVE-2017-9758
Published: 2017-11-09   Modified: 2017-11-10

Description:
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."

Type:

CWE-295

 (Certificate Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://www.securityfocus.com/bid/101700
https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc
https://www.kb.cert.org/vuls/id/446847
https://zeroday.hitcon.org/vulnerability/ZD-2017-00386
Copyright 2024, cxsecurity.com

 

Back to Top