Vulnerability Description
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kddi | \+ Message | < 1.0.6 |
| Ntttocomo | \+ Message | < 42.40.2800 |
| Softbank | \+ Message | < 10.1.7 |
| Android | - | |
| Ntt Tocomo | \+ Message | < 1.1.23 |
| Apple | Iphone Os | All versions |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN37288228/index.htmlThird Party Advisory
- https://www.au.com/information/notice_mobile/service/2018-002/PatchVendor Advisory
- https://www.nttdocomo.co.jp/info/notice/page/180927_00.htmlPatchVendor Advisory
- https://www.softbank.jp/mobile/info/personal/news/service/20180927a/PatchVendor Advisory
- http://jvn.jp/en/jp/JVN37288228/index.htmlThird Party Advisory
- https://www.au.com/information/notice_mobile/service/2018-002/PatchVendor Advisory
- https://www.nttdocomo.co.jp/info/notice/page/180927_00.htmlPatchVendor Advisory
- https://www.softbank.jp/mobile/info/personal/news/service/20180927a/PatchVendor Advisory
FAQ
What is CVE-2018-0691?
CVE-2018-0691 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.280...
How severe is CVE-2018-0691?
CVE-2018-0691 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0691?
Check the references section above for vendor advisories and patch information. Affected products include: Kddi \+ Message, Ntttocomo \+ Message, Softbank \+ Message, Google Android, Ntt Tocomo \+ Message.