CVE-2017-12695

An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.

CVSS v3 8.8 HIGH
CVSS v2.0 4.0 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/102481	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:gm:shanghai_onstar:7.1:*:*:*:*:iphone_os:*:*

History

No history.

Information

Published : 2018-01-09 21:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-12695

Mitre link : CVE-2017-12695

CVE.ORG link : CVE-2017-12695

JSON object : View

Products Affected

gm

shanghai_onstar

CWE

CWE-287

Improper Authentication

{"id": "CVE-2017-12695", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-01-09T21:29:00.267", "references": [{"url": "http://www.securityfocus.com/bid/102481", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password."}, {"lang": "es", "value": "Se ha descubierto un problema de autenticaci\u00f3n indebida en General Motors (GM) y Shanghai OnStar (SOS) SOS iOS Client 7.1. La explotaci\u00f3n con \u00e9xito de esta vulnerabilidad podr\u00eda permitir que un atacante subvierta los mecanismos de seguridad y restablezca la contrase\u00f1a de una cuenta de usuario."}], "lastModified": "2019-10-09T23:23:09.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gm:shanghai_onstar:7.1:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "3E5C7CE3-29A9-4F2F-AA11-A4781179BD3B"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}