Lucene search

[email protected]CVE-2018-5298

HistoryJan 08, 2018 - 8:29 a.m.

CVE-2018-5298

2018-01-0808:29:00

CWE-326

[email protected]

web.nvd.nist.gov

procter & gamble

oral-b app

android

aes encryption

insecure

cve-2018-5298

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

In the Procter & Gamble “Oral-B App” (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file.

Affected configurations

NVD

Node

pgoral-b_appMatch5.0.0android

CPENameOperatorVersion
pg:oral-b_apppg oral-b appeq5.0.0

CPE	Name	Operator	Version
pg:oral-b_app	pg oral-b app	eq	5.0.0

References

1337sec.blogspot.de/2018/01/auditing-oral-b-app-v500.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

Related for CVE-2018-5298

cvelist1 prion1 nvd1