CVE-2014-5645

Name: CVE-2014-5645
Creator: NVD / NIST
Published: 2014-09-09T01:55:34.273+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.27%

Last modified Jun 17, 2026

CVE-2014-5645 is a vulnerability of currently unknown severity. The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application 3.4.0.20140624 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application 3.4.0.20140624 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Metrics

EPSS Probability

0.27%

18.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-310

Affected Software

Vendor	Product	Versions
Intsig	Camscanner -Phone Pdf Creator	3.4.0.20140624

References

http://www.kb.cert.org/vuls/id/171097US Government Resource
http://www.kb.cert.org/vuls/id/582497Third Party Advisory, US Government Resource
https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
http://www.kb.cert.org/vuls/id/171097US Government Resource
http://www.kb.cert.org/vuls/id/582497Third Party Advisory, US Government Resource
https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

Timeline

Published: Sep 9, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-5645?

How severe is CVE-2014-5645?

Severity scoring for CVE-2014-5645 is pending analysis. The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2014-5645?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-5645?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST