CVE-2018-18976

{"id": "CVE-2018-18976", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-05-06T20:29:00.367", "references": [{"url": "https://depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.)"}, {"lang": "es", "value": "Fue descubierto un fallo en la aplicaci\u00f3n para iOS y Android Ascensia Contour NEXT ONE antes del 15-01-2019. Un atacante podr\u00eda obtener datos m\u00e9dicos cifrados de cualquier paciente de la plataforma en la nube Ascensia realizando Referencias Directas de Objetos con una serie de valores de ID de usuario. (Esta informaci\u00f3n puede ser descifrada a trav\u00e9s de una vulnerabilidad diferente)"}], "lastModified": "2024-11-21T03:56:58.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ascensia:contour_diabetes:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "81E00FDA-5DE8-47F6-A297-FC27A238B511", "versionEndExcluding": "2.4.30"}, {"criteria": "cpe:2.3:a:ascensia:contour_diabetes:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "47844740-F98D-485F-A188-FA9EDF1C88A1", "versionEndExcluding": "2.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}