CVE-2017-12695
HIGHGM Shanghai OnStar iOS Client 7.1 - Improper Authentication
Title source: llmDescription
An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password.
References (2)
Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102481
Scores
CVSS v3
8.8
EPSS
0.0185
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
gm/shanghai_onstar
7.1
Published
Jan 09, 2018
Tracked Since
Feb 18, 2026