Lucene search

[email protected]CVE-2017-9245

HistoryJul 19, 2017 - 3:29 a.m.

CVE-2017-9245

2017-07-1903:29:00

CWE-200

[email protected]

web.nvd.nist.gov

google

news

weather

android

cve-2017-9245

network security

ssl

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.

Affected configurations

NVD

Node

googlenews_and_weatherRange<3.3.1android

CPENameOperatorVersion
google:news_and_weathergoogle news and weatherlt3.3.1

CPE	Name	Operator	Version
google:news_and_weather	google news and weather	lt	3.3.1

References

seclists.org/fulldisclosure/2017/Jul/36

www.securityfocus.com/bid/99892

wwws.nightwatchcybersecurity.com/2017/07/18/advisory-googles-android-news-and-weather-app-doesnt-always-use-ssl-cve-2017-9245/

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for CVE-2017-9245

cvelist1 nvd1 prion1