CVE-2017-2278
First published: Wed Aug 02 2017(Updated: )
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Iid Rbb Speed Test | ||
| Android | <=2.0.3 | |
| iStyle @cosme iPhone OS | <=2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2278?
The severity of CVE-2017-2278 is classified as medium due to the risk of man-in-the-middle attacks.
How do I fix CVE-2017-2278?
To fix CVE-2017-2278, upgrade to RBB SPEED TEST App for Android version 2.0.4 or later, or iOS version 2.1.1 or later.
What systems are affected by CVE-2017-2278?
CVE-2017-2278 affects RBB SPEED TEST App for Android version 2.0.3 and earlier, and iOS version 2.1.0 and earlier.
What types of attacks can exploit CVE-2017-2278?
CVE-2017-2278 can be exploited through man-in-the-middle attacks where attackers can spoof SSL servers.
What information is at risk due to CVE-2017-2278?
CVE-2017-2278 allows attackers to obtain sensitive information transmitted via the app.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/iid
- canonical/iid rbb speed test
- vendor/google
- canonical/android
- version/android/2.0.3
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/2.1