CVE-2018-18908

{"id": "CVE-2018-18908", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-01-20T20:29:00.460", "references": [{"url": "https://blog.sean-wright.com/sky/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.sean-wright.com/sky/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username."}, {"lang": "es", "value": "La aplicaci\u00f3n Sky Go Desktop, desde la versi\u00f3n 1.0.19-1 hasta la 1.0.23-1 para Windows, realiza varias peticiones sobre HTTP en texto claro. Esto hace que los datos introducidos en estas peticiones sean m\u00e1s propensos a ataques Man-in-the-Middle (MitM) en los que un atacante podr\u00eda obtener los datos enviados en las mismas. Algunas de las peticiones contienen informaci\u00f3n potencialmente sensible que podr\u00eda ser \u00fatil para un atacante, como puede ser el nombre de usuario de la v\u00edctima de Sky."}], "lastModified": "2024-11-21T03:56:51.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sky:sky_go:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "A93C86F3-6BD2-48F4-BBD1-9517B26F6EAA", "versionEndIncluding": "1.0.23-1", "versionStartIncluding": "1.0.19-1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}