CVE Vulnerabilities

CVE-2017-12695

Improper Authentication

Published: Jan 09, 2018 | Modified: Oct 09, 2019
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Shanghai_onstar Gm 7.1 7.1

Potential Mitigations

References