SSL Certificate Validation Flaw in ASUS HiVivo Application for ASUS Watch
CVE-2017-17945
9.1CRITICAL
Summary
The ASUS HiVivo application, prior to version 5.6.27, for ASUS Watch suffers from a lack of SSL certificate validation. This vulnerability could potentially expose users to man-in-the-middle attacks, allowing unauthorized interception of sensitive information during communication. Implementing proper SSL validation is essential to ensure secure connections and protect user data from malicious actors.
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved