SSL Certificate Validation Flaw in ASUS HiVivo Application for ASUS Watch
CVE-2017-17945

9.1CRITICAL

Key Information:

Vendor

Asus
Status
Vivobaby
Hivivo
Vendor
CVE Published:
24 June 2019

What is CVE-2017-17945?

The ASUS HiVivo application, prior to version 5.6.27, for ASUS Watch suffers from a lack of SSL certificate validation. This vulnerability could potentially expose users to man-in-the-middle attacks, allowing unauthorized interception of sensitive information during communication. Implementing proper SSL validation is essential to ensure secure connections and protect user data from malicious actors.

References

http://firstsight.me/2017/12/lack-of-binary-protection-at...
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.