CVE-2019-8282

Published: Jun 7, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one.

Affected (1)

Products: Gemalto: Sentinel Ldk

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gemalto Sentinel Ldk	Before 7.92

Related CWEs

Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (2)

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/

Source: vulnerability@kaspersky.com

Third Party Advisory

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/06/05/klcert-19-029-gemalto-admin-control-center-uses-cleartext-communication-with-www3-safenet-inc-com/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.