CVE-2018-5258

Опубликовано: 17 янв. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

Ссылки

https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f
Issue Tracking
Third Party Advisory
https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb
Third Party Advisory
https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm
Third Party Advisory
https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f
Issue Tracking
Third Party Advisory
https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb
Third Party Advisory
https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:banconeon:neon:1.6.14:*:*:*:*:iphone_os:*:*

EPSS

Процентиль: 46%

0.00231

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-24jx-jxxh-qrw7