nvd-json-data-feeds/CVE-2017/CVE-2017-52xx/CVE-2017-5250.json

{
  "id": "CVE-2017-5250",
  "sourceIdentifier": "cve@rapid7.con",
  "published": "2018-02-22T16:29:00.310",
  "lastModified": "2019-10-09T23:28:15.620",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner."
    },
    {
      "lang": "es",
      "value": "En la versi\u00f3n 1.9.7 y anteriores de la aplicaci\u00f3n para Android Insteon for Hub de Insteon, el token OAuth empleado por la app para autorizar el acceso de los usuarios no se almacena de forma cifrada y segura."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        },
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ]
    },
    {
      "source": "cve@rapid7.con",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:insteon:insteon_for_hub:*:*:*:*:*:android:*:*",
              "versionEndIncluding": "1.9.7",
              "matchCriteriaId": "E5997BAB-1F22-490C-9367-5EE49BBF1DBD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://blog.rapid7.com/2017/09/22/multiple-vulnerabilities-in-wink-and-insteon-smart-home-systems/",
      "source": "cve@rapid7.con",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}