Sennheiser

sennheiser

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Headsetup

headsetup

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-17612 2Microsoft Sennheiser 9Headsetup Windows 10Windows 7+6 more Nov 21, 2024 Nov 9, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software dis...Show more Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-17612

2Microsoft

Sennheiser

9Headsetup

Windows 10Windows 7+6 more

Nov 21, 2024

Nov 9, 2018

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.Show less