Lucene search

Japan Vulnerability NotesJVN:64064138

HistoryJun 03, 2021 - 12:00 a.m.

JVN#64064138: ATOM - Smart life App vulnerable to improper server certificate verification

2021-06-0300:00:00

Japan Vulnerability Notes

jvn.jp

atom tech inc. android ios improper server certificate eavesdropping update cwe-295.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

33.2%

JSON

ATOM - Smart life App provided by ATOM tech Inc. is vulnerable to improper server certificate verification (CWE-295).

Impact

A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication.

Solution

Update the Application
Update the application to the latest version according to the information provided by the developer.

Products Affected

ATOM - Smart life App for Android versions prior to 1.8.1
ATOM - Smart life App for iOS versions prior to 1.8.2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

33.2%

JSON

Related for JVN:64064138