CVE-2018-17612 — Improper Certificate Validation in Microsoft Windows 10

CWE-295 — Improper Certificate Validation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Microsoft Windows Server 2008 Microsoft Windows Server 2012 +2 more

Timeline

PublishedNov 9

Latest updateJan 13

Description

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or Sen…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDsennheiser/headsetup7.3.4903

▶NVDmicrosoft/windowsr2, 1709, 1803+2

▶NVDmicrosoft/windows_105 versions+4

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c4fc-cx58-4v39: Sennheiser HeadSetup 7↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Hot Scripts Clone - 'subctid' SQL Injection↗2018-01-28

▶

📄Research Papers

arXiv

Now Let's Make It Physical: Enabling Physically Trusted Certificate Issuance for Keyless Security in CAs↗2025-01-13

▶