Описание
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryUS Government Resource
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 3.9.3.2006 (включая)
cpe:2.3:a:acer:acer_portal:*:*:*:*:*:android:*:*
EPSS
Процентиль: 80%
0.01335
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
EPSS
Процентиль: 80%
0.01335
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295