← Volver a CVEs
CVE-2022-40703
MEDIUM5.2
Descripcion
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
Detalles CVE
Puntuacion CVSS v3.15.2
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Vector de ataquePHYSICAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/26/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
alivecor:kardia
Debilidades (CWE)
CWE-302CWE-287
Referencias
https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01(ics-cert@hq.dhs.gov)
https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.