ID

VAR-201906-0726


CVE

CVE-2017-17944


TITLE

Certificate validation vulnerability in the ASUS Vivobaby application for Android

Trust: 0.8

sources: JVNDB: JVNDB-2017-014532

DESCRIPTION

The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. ASUS Vivobaby for Android is an Android-based application, developed by China Taiwan ASUS Corporation, for controlling and managing a baby physiological monitor. ASUS Vivobaby versions earlier than 1.1.09 on Android contain a trust management vulnerability. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 1.71

sources: NVD: CVE-2017-17944 // JVNDB: JVNDB-2017-014532 // VULHUB: VHN-109017

AFFECTED PRODUCTS

vendor: asus, model: hivivo, scope: lt, version: 5.6.27

Trust: 1.0

vendor: asus, model: vivobaby, scope: lt, version: 1.1.09

Trust: 1.0

vendor: asustek computer, model: hivivo, scope: -, version: -

Trust: 0.8

vendor: asustek computer, model: vivobaby, scope: lt, version: 1.1.09

Trust: 0.8

sources: JVNDB: JVNDB-2017-014532 // NVD: CVE-2017-17944

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17944
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-17944
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201906-822
value: CRITICAL

Trust: 0.6

VULHUB: VHN-109017
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17944
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-109017
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-17944
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109017 // JVNDB: JVNDB-2017-014532 // CNNVD: CNNVD-201906-822 // NVD: CVE-2017-17944

PROBLEMTYPE DATA

problemtype: CWE-295

Trust: 1.9

sources: VULHUB: VHN-109017 // JVNDB: JVNDB-2017-014532 // NVD: CVE-2017-17944

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-822

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-822

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014532

PATCH

title: ASUS Vivobaby, url: https://play.google.com/store/apps/details?id=com.asus.vivobaby&hl=ja

Trust: 0.8

title: HiVivo for ASUS VivoWatch, url: https://play.google.com/store/apps/details?id=com.hivivo.dountapp&hl=ja

Trust: 0.8

title: ASUS Vivobaby for Android Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93971

Trust: 0.6

sources: JVNDB: JVNDB-2017-014532 // CNNVD: CNNVD-201906-822

EXTERNAL IDS

db: NVD, id: CVE-2017-17944

Trust: 2.5

db: JVNDB, id: JVNDB-2017-014532

Trust: 0.8

db: CNNVD, id: CNNVD-201906-822

Trust: 0.7

db: VULHUB, id: VHN-109017

Trust: 0.1

sources: VULHUB: VHN-109017 // JVNDB: JVNDB-2017-014532 // CNNVD: CNNVD-201906-822 // NVD: CVE-2017-17944

REFERENCES

url: http://firstsight.me/2017/12/lack-of-binary-protection-at-asus-vivo-baby-and-hivivo-for-android-that-could-result-of-several-security-issues

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2017-17944

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17944

Trust: 0.8

url: http://firstsight.me/2017/12/lack-of-binary-protection-at-asus-vivo-baby-and-hivivo-for-android-that-could-result-of-several-security-issues/

Trust: 0.8

sources: VULHUB: VHN-109017 // JVNDB: JVNDB-2017-014532 // CNNVD: CNNVD-201906-822 // NVD: CVE-2017-17944

SOURCES

db: VULHUB, id: VHN-109017
db: JVNDB, id: JVNDB-2017-014532
db: CNNVD, id: CNNVD-201906-822
db: NVD, id: CVE-2017-17944

LAST UPDATE DATE

2024-11-23T22:30:01.323000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-109017, date: 2019-06-21T00:00:00
db: JVNDB, id: JVNDB-2017-014532, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-822, date: 2019-06-25T00:00:00
db: NVD, id: CVE-2017-17944, date: 2024-11-21T03:19:01.600

SOURCES RELEASE DATE

db: VULHUB, id: VHN-109017, date: 2019-06-20T00:00:00
db: JVNDB, id: JVNDB-2017-014532, date: 2019-06-25T00:00:00
db: CNNVD, id: CNNVD-201906-822, date: 2019-06-20T00:00:00
db: NVD, id: CVE-2017-17944, date: 2019-06-20T15:15:10.537