CVE-2024-43201

Exploit

EPSS 0.4%
Veröffentlicht 23.09.2024 20:15:04
Zuletzt bearbeitet 28.02.2025 18:15:27
Quelle 9119a7d8-5eab-497f-8521-727c67
CVE-Watchlists
Login
Unerledigt
Login

Planet Fitness Workouts mobile apps do not properly validate TLS certificates

The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) and more recently in version 9.9.13 (released on 2025-02-11).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Planetfitness ≫ Planet Fitness Workouts Version < 9.8.12

Apple ≫ iPhone OS Version-
Google ≫ Android Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.313

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
9119a7d8-5eab-497f-8521-727c672e3725	8.7	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:X/R:U/V:D/RE:L/U:Amber
9119a7d8-5eab-497f-8521-727c672e3725	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://apps.apple.com/us/app/planet-fitness-workouts/id399857015

Product

https://dontvacuum.me/bugs/pf/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-43201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43201

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-43201