CVE-2017-10669

MEDIUM

Xoev Osci Transport Library - Signature Verification Bypass

Title source: rule

Description

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2017/Jun/44

[Technical Description, Third Party Advisory] http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-347

Status published

Products (3)

xoev/osci_transport_library

n/a/n/a

Published Jun 30, 2017

Tracked Since Feb 18, 2026