CVE-2014-5654 — Internet Security vulnerability

CWE-3103 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.0%
top 89.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kaspersky Internet Security
Timeline
PublishedSep 9
Latest updateMay 17

Description

The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 5.5 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q7qq-f4xj-p23m: The Kaspersky Internet Security (aka com↗2022-05-17
â–¶
CVEList
CVE-2014-5654: The Kaspersky Internet Security (aka com↗2014-09-09
â–¶
CVE-2014-5654 — Kaspersky vulnerability | cvebase