Man-in-the-Middle Vulnerability in Acer Portal Application for Android
CVE-2016-5648

5.3MEDIUM

Key Information:

Vendor

Acer

Status
Acer Portal
Vendor
CVE Published:
8 June 2017

What is CVE-2016-5648?

The Acer Portal application for Android prior to version 3.9.4.2000 is vulnerable due to improper validation of SSL certificates. This weakness allows remote attackers to execute a Man-in-the-Middle (MitM) attack by presenting a malicious SSL certificate, thereby intercepting and manipulating communication between the user and the server. Such vulnerabilities can lead to the exposure of sensitive information and unauthorized access, highlighting the critical importance of secure certificate handling in mobile applications.

References

http://www.securityfocus.com/archive/1/538851/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2016/Jul/17
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/137775/Acer-Portal-A...
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.