CVE-2016-5672

EPSS 0.39%
Veröffentlicht 01.08.2016 02:59:17
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intel ≫ Crosswalk Version <= 19.49.514.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/138107/Intel-Crosswalk-Project-Man-In-The-Middle.html

Third Party Advisory

VDB Entry

http://www.kb.cert.org/vuls/id/217871

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/539051/100/0/threaded

http://www.securityfocus.com/bid/92199

Third Party Advisory

VDB Entry

https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/

Vendor Advisory