Description
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.
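The note above describes the assessment step: look in the Trusted Root CA stores for certificates whose CN is 127.0.0.1 or SennComRootCA and decide whether they are wanted. The following PowerShell script is an added example of that check and is not code from the CVE record, from Sennheiser, or from any of the referenced advisories. It assumes only the two store paths (Cert:\LocalMachine\Root and Cert:\CurrentUser\Root) and the two subject names taken from the note; the optional -Remove switch is a hypothetical convenience for the cleanup step.

```powershell
# Added example: find (and optionally remove) Trusted Root CA certificates with the
# subject names called out in the CVE note. Not the vendor's or the database's code.
[CmdletBinding()]
param(
    [switch]$Remove   # opt in to deleting the matching certificates after review
)

# Subject common names named in the CVE note (assumption: matched on CN only).
$suspectCNs = @('127.0.0.1', 'SennComRootCA')

# Trusted Root stores for the machine and the current user. A CA in the
# LocalMachine store is trusted system-wide, which is what the finding is about.
$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$findings = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object {
            # SimpleName yields the CN of the subject distinguished name.
            $cn = $_.GetNameInfo(
                [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
                $false)
            $suspectCNs -contains $cn
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                SelfSigned = ($_.Subject -eq $_.Issuer)   # true for a root CA
            }
        }
}

if (-not $findings) {
    Write-Output 'No Trusted Root certificates with CN 127.0.0.1 or SennComRootCA found.'
    return
}

# Report first; the note says to determine whether the certificates are unwanted
# before acting on them, so removal is a separate, explicit step.
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # Certificates in the cert: drive are addressed by thumbprint.
        Remove-Item -Path (Join-Path $f.Store $f.Thumbprint) -Verbose
    }
}
```

Run it without arguments from an elevated prompt to get an inventory (the LocalMachine store is readable without elevation, but removing from it requires administrator rights). Because a CN of 127.0.0.1 could also belong to an unrelated local development certificate, review the Issuer, Thumbprint and NotAfter columns against the Secorvo report before using -Remove; the CVE note is explicit that the assessment must decide whether each matching certificate is unwanted rather than assume it.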
References (3)
Patch, Vendor Advisory (x_refsource_misc): https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180029
Exploit, Mitigation, Technical Description, Third Party Advisory (x_refsource_misc): https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/106045
Scores
CVSS v3: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Attack Vector: NETWORK
EPSS: 0.0673
EPSS Percentile: 93.1%
Details
CWE: CWE-295
Status: published
Products (18)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
... and 8 more
Published: Nov 09, 2018
Tracked Since: Feb 18, 2026