CVE-2017-2110

NVD

https://nvd.nist.gov/vuln/detail/CVE-2017-2110

CWE

https://cwe.mitre.org/data/definitions/295.html

The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name	Vendor	Start Version	End Version
Access_cx	Nissan_securities	*	2.0.0.0 (including)
Access_cx	Nissan_securities	*	2.0.1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

http://jvn.jp/en/jp/JVN82619692/index.html
http://www.securityfocus.com/bid/96615
http://jvn.jp/en/jp/JVN82619692/index.html
http://www.securityfocus.com/bid/96615

Improper Certificate Validation

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References