Man-in-the-Middle Vulnerability in AWMS Mobile App for Android and iOS
CVE-2020-5526

5.9MEDIUM

Key Information:

Vendor: Fuji Xerox Co.,ltd.
Status: Awms Mobile App
Vendor: CVE Published:; 31 January 2020

What is CVE-2020-5526?

The AWMS Mobile App for Android and iOS lacks proper verification of X.509 certificates from servers, enabling man-in-the-middle attackers to impersonate servers. This weakness can lead to the interception of sensitive user information, as attackers may use crafted certificates to falsify identity and establish deceptive connections. Users of the app across the affected versions should prioritize security updates to mitigate this risk.

Affected Version(s)

AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8

References

http://onlinesupport.fujixerox.com/processDriverForm.do?c...

x_refsource_MISC

http://jvn.jp/en/jp/JVN00014057/index.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2020
Vulnerability Reserved
Jan 6, 2020

Fuji Xerox Co.,ltd.

What is CVE-2020-5526?

Affected Version(s)

References

CVSS V3.1

Timeline