CVE-2017-3218

CWE-295Improper Certificate ValidationCWE-311CWE-3453 documents3 sources
Severity
8.8HIGH
EPSS
0.0%
top 95.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Magician
Timeline
PublishedJun 21
Latest updateMay 13

Description

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5samsung/magician<5.1

🔴Vulnerability Details

2
GHSA
GHSA-7xpm-33wp-wg2w: Samsung Magician 52022-05-13
CVEList
CVE-2017-3218: Samsung Magician 52017-06-21
CVE-2017-3218 (HIGH CVSS 8.8) | Samsung Magician 5.0 fails to valid | cvebase.io