CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18975

HIGH
7.5
CVSS Severity Score
EPSS Score0.1710%
EPSS Percentile37.10th
PublishedMay 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.

Affected Platforms (CPE)

📦
Ascensia

Contour Diabetes

< 2.4.30

References & Advisories

🔗 https://depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic
🔗 https://depthsecurity.com/blog/medical-exploitation-you-are-now-diabetic

Related Vulnerabilities

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...