Man-in-the-Middle Vulnerability in Samsung Knox Identity and Access Management
CVE-2017-10963

5.9MEDIUM

Key Information:

Vendor

Samsung
Status
Knox Enterprise Mobility Management
Knox Identity Access Management
Vendor
CVE Published:
20 February 2018

What is CVE-2017-10963?

A vulnerability exists in Samsung's Knox Identity Access Management and Enterprise Mobility Management solutions, specifically version 16.11, which can be exploited by a man-in-the-middle attacker. This type of attacker can eavesdrop on network communications from a Samsung server and inject malicious content during an application's update sequence. Consequently, this allows the attacker to install unauthorized applications into the Knox container without user awareness. Once inside the container, these applications may have the capability to exfiltrate sensitive information stored within, posing a significant risk to user data integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://gist.github.com/e96e02/12ce905e3b724954273dd7d543...
x_refsource_MISC
https://www.lgsinnovations.com/lgs-innovations-discovers-...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.