CVE-2018-18908 — MEDIUM (5.9)

Q: How severe is CVE-2018-18908?

CVE-2018-18908 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-18908?

Check the references section above for vendor advisories and patch information. Affected products include: Sky Sky Go.

Vulnerability Description

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sky	Sky Go	>= 1.0.19-1, <= 1.0.23-1

Related Weaknesses (CWE)

CWE-319

References

https://blog.sean-wright.com/sky/ExploitThird Party Advisory
https://blog.sean-wright.com/sky/ExploitThird Party Advisory

FAQ

What is CVE-2018-18908?

CVE-2018-18908 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) at...

How severe is CVE-2018-18908?

CVE-2018-18908 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18908?

Check the references section above for vendor advisories and patch information. Affected products include: Sky Sky Go.