CVE-2016-2268
MEDIUMDell SecureWorks < 2.1 for iOS - Man-in-the-Middle via Unvalidated SSL Certificate
Title source: llmDescription
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References (5)
Core 5
Core References
Patch x_refsource_confirm
https://itunes.apple.com/us/app/dell-secureworks/id533072046
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537445/100/0/threaded
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/27
Various Sources x_refsource_misc
http://www.info-sec.ca/advisories/Dell-SecureWorks.html
Scores
CVSS v3
6.8
EPSS
0.0017
EPSS Percentile
37.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-310
Status
published
Products (1)
dell/secureworks
2.0.6
Published
Feb 08, 2016
Tracked Since
Feb 18, 2026