Vulnerability Description
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pandora | Pandora | < 8.3.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97158 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-fo (Third Party Advisory, VDB Entry)
- https://www.kb.cert.org/vuls/id/342303 (Third Party Advisory, US Government Resource)
- https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/ (Third Party Advisory)
FAQ
What is CVE-2017-3194?
CVE-2017-3194 is a vulnerability with a CVSS score of 8.1 (HIGH). Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
How severe is CVE-2017-3194?
CVE-2017-3194 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3194?
Check the references section above for vendor advisories and patch information. Affected products include: Pandora Pandora.