CVE-2017-13105 - OpenCVE

Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hisecuritylab	Virus Cleaner

Configuration 1 [-]

cpe:2.3:a:hisecuritylab:virus_cleaner:3.7.1.1329:*:*:*:*:android:*:*

References

Link	Resource
https://www.kb.cert.org/vuls/id/787952	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2018-08-15T22:00:00

Updated: 2018-08-15T21:57:01

Reserved: 2017-08-22T00:00:00

Link: CVE-2017-13105

JSON object: View

NVD Information

Status : Modified

Published: 2018-08-15T22:29:00.887

Modified: 2019-10-09T23:23:25.420

Link: CVE-2017-13105

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"platforms": ["Android mobile"], "product": "Virus Cleaner - Antivirus, Booster", "vendor": "Hi Security Lab", "versions": [{"status": "affected", "version": "3.7.1.1329"}]}], "datePublic": "2018-08-14T00:00:00", "descriptions": [{"lang": "en", "value": "Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-08-15T21:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#787952", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/787952"}], "source": {"discovery": "UNKNOWN"}, "title": "Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2017-13105", "STATE": "PUBLIC", "TITLE": "Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Virus Cleaner - Antivirus, Booster", "version": {"version_data": [{"affected": "=", "platform": "Android mobile", "version_affected": "=", "version_name": "3.7.1.1329", "version_value": "3.7.1.1329"}]}}]}, "vendor_name": "Hi Security Lab"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295"}]}]}, "references": {"reference_data": [{"name": "VU#787952", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/787952"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2017-13105", "datePublished": "2018-08-15T22:00:00", "dateReserved": "2017-08-22T00:00:00", "dateUpdated": "2018-08-15T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hisecuritylab:virus_cleaner:3.7.1.1329:*:*:*:*:android:*:*", "matchCriteriaId": "4D41B92C-E28C-44CE-9F99-A924698B214C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker."}, {"lang": "es", "value": "La aplicaci\u00f3n para Android Hi Security Virus Cleaner - Antivirus, Booster, en su versi\u00f3n 3.7.1.1329 del 2017-09-13, acepta todos los certificados SSL durante la comunicaci\u00f3n SSL. Esto deja la aplicaci\u00f3n expuesta a un ataque Man-in-the-Middle (MitM) que har\u00eda que un atacante pueda interceptar y leer todo su tr\u00e1fico cifrado."}], "id": "CVE-2017-13105", "lastModified": "2019-10-09T23:23:25.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-15T22:29:00.887", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/787952"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "cret@cert.org", "type": "Secondary"}]}