CVE-2016-5672

EPSS 0.39%
Published 01.08.2016 02:59:17
Last modified 12.04.2025 10:46:40
Source cret@cert.org
Teams watchlist Login
Open Login

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Crosswalk Version <= 19.49.514.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.571

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/138107/Intel-Crosswalk-Project-Man-In-The-Middle.html

Third Party Advisory

VDB Entry

http://www.kb.cert.org/vuls/id/217871

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/539051/100/0/threaded

http://www.securityfocus.com/bid/92199

Third Party Advisory

VDB Entry

https://blogs.intel.com/evangelists/2016/07/28/crosswalk-security-vulnerability/

Vendor Advisory