CVE-2017-13105

MEDIUM

Hi Security Virus Cleaner 3.7.1.1329 - Improper Certificate Validation

Title source: llm
STIX 2.1

Description

Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/787952

Scores

CVSS v3 5.9
EPSS 0.0072
EPSS Percentile 49.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-295
Status published
Products (1)
hisecuritylab/virus_cleaner 3.7.1.1329
Published Aug 15, 2018
Tracked Since Feb 18, 2026