Vulnerability Description
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| News And Weather | < 3.3.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2017/Jul/36ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/99892Third Party AdvisoryVDB Entry
- https://wwws.nightwatchcybersecurity.com/2017/07/18/advisory-googles-android-newExploitThird Party Advisory
- http://seclists.org/fulldisclosure/2017/Jul/36ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/99892Third Party AdvisoryVDB Entry
- https://wwws.nightwatchcybersecurity.com/2017/07/18/advisory-googles-android-newExploitThird Party Advisory
FAQ
What is CVE-2017-9245?
CVE-2017-9245 is a vulnerability with a CVSS score of 7.5 (HIGH). The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
How severe is CVE-2017-9245?
CVE-2017-9245 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9245?
Check the references section above for vendor advisories and patch information. Affected products include: Google News And Weather.