Lucene search

[email protected]NVD:CVE-2017-15582

HistoryOct 27, 2017 - 8:29 p.m.

CVE-2017-15582

2017-10-2720:29:01

CWE-798

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

In net.MCrypt in the “Diary with lock” (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

Affected configurations

Nvd

Node

writediarydiary_with_lockMatch4.72android

VendorProductVersionCPE
writediarydiary_with_lock4.72cpe:2.3:a:writediary:diary_with_lock:4.72:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
writediary	diary_with_lock	4.72	cpe:2.3:a:writediary:diary_with_lock:4.72:::::android::

References

1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html

gist.github.com/anonymous/603b89f864a71426042b167cab557efa

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

Related for NVD:CVE-2017-15582

cve1 prion1 cvelist1