Research on IoT devices found that the most recent firmware for the Blipcare device allows connections to its web management interface over a non-SSL connection using the plain-text HTTP protocol. The user uses the device's web management interface to provide Wi-Fi credentials so that the device can connect to the user's network and have Internet access. The device acts as a wireless blood pressure monitor and is used to measure a person's blood pressure levels. Because the interface is unencrypted, an attacker who is connected to the Blipcare device's wireless network can easily sniff these values using a MITM attack.
Published 2019-07-02 21:15:10
Updated 2019-07-15 13:10:30
Source MITRE
Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2017-11578

EPSS score: 0.91% (probability of exploitation activity in the next 30 days)
Percentile: ~83% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2017-11578

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
| 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |

CWE ids for CVE-2017-11578

References for CVE-2017-11578

Products affected by CVE-2017-11578
