CVE-2016-2268

Опубликовано: 08 фев. 2016

Источник: nvd

CVSS3: 6.8

CVSS2: 5.8

EPSS Низкий

Описание

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html
http://seclists.org/fulldisclosure/2016/Feb/27
http://www.info-sec.ca/advisories/Dell-SecureWorks.html
http://www.securityfocus.com/archive/1/537445/100/0/threaded
https://itunes.apple.com/us/app/dell-secureworks/id533072046
Patch
http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html
http://seclists.org/fulldisclosure/2016/Feb/27
http://www.info-sec.ca/advisories/Dell-SecureWorks.html
http://www.securityfocus.com/archive/1/537445/100/0/threaded
https://itunes.apple.com/us/app/dell-secureworks/id533072046
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dell:secureworks:2.0.6:*:*:*:*:iphone_os:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

6.8 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-mqp7-mpjg-72pw