Vulnerability-Lookup

CNVD-2019-43898

Vulnerability from cnvd - Published: 2019-12-05

Title

HP Isaac Mizrahi Smartwatch安全特征问题漏洞

Description

HP Isaac Mizrahi是美国惠普（HP）公司的一款用于管理访问HP Isaac Mizrahi智能手表的应用程序。 HP Isaac Mizrahi Smartwatch中存在安全漏洞。攻击者可利用该漏洞窃取凭证并劫持用户界面。

Severity

中

Patch Name

HP Isaac Mizrahi Smartwatch安全特征问题漏洞的补丁

Patch Description

HP Isaac Mizrahi是美国惠普（HP）公司的一款用于管理访问HP Isaac Mizrahi智能手表的应用程序。 HP Isaac Mizrahi Smartwatch中存在安全漏洞。攻击者可利用该漏洞窃取凭证并劫持用户界面。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.hp.com/us-en/document/c05976868

Reference

https://support.hp.com/us-en/document/c05976868

Impacted products

Name
HP Isaac Mizrahi Smartwatch

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2748",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2748"
    }
  },
  "description": "HP Isaac Mizrahi\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406\u8bbf\u95eeHP Isaac Mizrahi\u667a\u80fd\u624b\u8868\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\n\nHP Isaac Mizrahi Smartwatch\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u51ed\u8bc1\u5e76\u52ab\u6301\u7528\u6237\u754c\u9762\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.hp.com/us-en/document/c05976868",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43898",
  "openTime": "2019-12-05",
  "patchDescription": "HP Isaac Mizrahi\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u7ba1\u7406\u8bbf\u95eeHP Isaac Mizrahi\u667a\u80fd\u624b\u8868\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nHP Isaac Mizrahi Smartwatch\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7a83\u53d6\u51ed\u8bc1\u5e76\u52ab\u6301\u7528\u6237\u754c\u9762\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP Isaac Mizrahi Smartwatch\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HP Isaac Mizrahi Smartwatch"
  },
  "referenceLink": "https://support.hp.com/us-en/document/c05976868",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-29",
  "title": "HP Isaac Mizrahi Smartwatch\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2017-2748 (GCVE-0-2017-2748)

Vulnerability from cvelistv5 – Published: 2019-03-27 16:01 – Updated: 2024-08-05 14:02

Summary

A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

Severity

No CVSS data available.

CWE

Insecure HTTP during login.

Assigner

References

1 reference

URL	Tags
https://support.hp.com/us-en/document/c05976868	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Isaac Mizrahi	Isaac Mizrahi Smartwatch Mobile App	Affected: Isaac Mizrahi iOS app versions 1.0.2.10 Affected: 1.2.2.12 Affected: 1.3.7 Affected: and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214 Affected: 1.2.2016040820 Affected: 1.3.2016052319 Affected: 1.4.2016072601

Date Public

2018-04-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:02:07.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/c05976868"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Isaac Mizrahi Smartwatch Mobile App",
          "vendor": "Isaac Mizrahi",
          "versions": [
            {
              "status": "affected",
              "version": "Isaac Mizrahi iOS app versions 1.0.2.10"
            },
            {
              "status": "affected",
              "version": "1.2.2.12"
            },
            {
              "status": "affected",
              "version": "1.3.7"
            },
            {
              "status": "affected",
              "version": "and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214"
            },
            {
              "status": "affected",
              "version": "1.2.2016040820"
            },
            {
              "status": "affected",
              "version": "1.3.2016052319"
            },
            {
              "status": "affected",
              "version": "1.4.2016072601"
            }
          ]
        }
      ],
      "datePublic": "2018-04-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure HTTP during login.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-27T16:01:47.000Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hp.com/us-en/document/c05976868"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2017-2748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Isaac Mizrahi Smartwatch Mobile App",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Isaac Mizrahi iOS app versions 1.0.2.10"
                          },
                          {
                            "version_value": "1.2.2.12"
                          },
                          {
                            "version_value": "1.3.7"
                          },
                          {
                            "version_value": "and 1.4.8. Isaac Mizrahi Android app versions 1.0.201601214"
                          },
                          {
                            "version_value": "1.2.2016040820"
                          },
                          {
                            "version_value": "1.3.2016052319"
                          },
                          {
                            "version_value": "1.4.2016072601"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Isaac Mizrahi"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure HTTP during login."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/c05976868",
              "refsource": "CONFIRM",
              "url": "https://support.hp.com/us-en/document/c05976868"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2017-2748",
    "datePublished": "2019-03-27T16:01:47.000Z",
    "dateReserved": "2016-12-01T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:02:07.706Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-43898

CVE-2017-2748 (GCVE-0-2017-2748)

Tags

Sightings

Nomenclature