← Retour aux CVEs
CVE-2022-40703
MEDIUM5.2
Description
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
Details CVE
Score CVSS v3.15.2
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Vecteur d'attaquePHYSICAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/26/2022
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
alivecor:kardia
Faiblesses (CWE)
CWE-302CWE-287
References
https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01(ics-cert@hq.dhs.gov)
https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.