CVE-2017-12697

MEDIUM

GM Shanghai OnStar iOS Client 7.1 - Man-in-the-Middle Information Disclosure

Title source: llm
STIX 2.1

Description

A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server.

References (2)

Core 2
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102481

Scores

CVSS v3 5.9
EPSS 0.0143
EPSS Percentile 69.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200 CWE-300
Status published
Products (1)
gm/shanghai_onstar 7.1
Published Jan 09, 2018
Tracked Since Feb 18, 2026