19 matches found
EUVD-2017-18594
Malware in sbrugna...
EUVD-2017-4234
Malware in sbrugna...
General Motors and Shanghai OnStar iOS Client Man-in-the-Middle Attack Vulnerability
General Motors GM and Shanghai OnStar SOS iOS Client is an iOS-based application for making SOS distress calls for drivers in the event of a motor vehicle collision. A security vulnerability exists in the GM and SOS iOS Client version 7.1. The vulnerability can be exploited by an attacker to...
CVE-2017-12697
A Man-in-the-Middle issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server...
CVE-2017-12695
An Improper Authentication issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password...
CVE-2017-9663
An Cleartext Storage of Sensitive Information issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
CVE-2017-12695
An Improper Authentication issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password...
Design/Logic Flaw
A Man-in-the-Middle issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server...
CVE-2017-12697
A Man-in-the-Middle issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server...
Design/Logic Flaw
An Cleartext Storage of Sensitive Information issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
CVE-2017-9663
An Cleartext Storage of Sensitive Information issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
Authentication flaw
An Improper Authentication issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password...
CVE-2017-12695
An Improper Authentication issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password...
CVE-2017-9663
An Cleartext Storage of Sensitive Information issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow a remote attacker to access an encryption key that is stored in cleartext in memory...
CVE-2017-9663
CVE-2017-9663 concerns a vulnerability in the General Motors (GM) and Shanghai OnStar SOS iOS Client (version 7.1) where a sensitive encryption key is stored in cleartext in memory. This cleartext storage of sensitive information could allow a remote attacker to access the key, with a CVSSv3 base...
CVE-2017-12697
A Man-in-the-Middle issue was discovered in General Motors GM and Shanghai OnStar SOS SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server...
CVE-2017-12695
CVE-2017-12695 affects the Shanghai OnStar iOS Client (GM SOS) version 7.1. The vulnerability is described as an Improper Authentication flaw that could allow an attacker to subvert security mechanisms and reset a user account password. Connected sources also reference related issues in the same ...
CVE-2017-12697
CVE-2017-12697 affects General Motors and Shanghai OnStar SOS iOS Client version 7.1. The connected documents describe a Man-in-the-Middle vulnerability where the client may transmit or validate data in a way that enables an attacker to intercept sensitive information when the client connects to ...
General Motors and Shanghai OnStar (SOS) iOS Client
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: General Motors GM, Shanghai OnStar SOS Equipment: SOS iOS Client Vulnerabilities: Cleartext Storage of Sensitive Information, Man-in-the-Middle, Improper Authentication REPOSTED INFORMATION This advisory was originall...