Predictable from Observable State

CVE-2018-17917

Medium

5.3/10

Summary

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-341 - Predictable from Observable State

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

References

Advisory Timeline

Published Oct 10, 2018

Predictable from Observable State

CVE-2018-17917

Summary

CWE-341 - Predictable from Observable State

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS