SSL Certificate Validation Flaw in Huawei Wear App for Android
CVE-2016-3677
6.5MEDIUM
Summary
The Huawei Wear App for Android, prior to version 15.0.0.307, contains a critical flaw that fails to properly validate SSL certificates. This vulnerability could allow local users to execute attacks by exploiting the lack of proper certificate validation, which potentially opens the door for unknown vectors of impact. Users of the application should take proactive measures to mitigate possible local exploitation until a patch is applied.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved