CVE-2017-7192
UnknownEPSS 1.91%
Last modified
CVE-2017-7192 is a vulnerability of currently unknown severity. WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).. EPSS estimates a 1.91% chance of exploitation in the next 30 days.
Description
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Starscream Project | Starscream | <= 2.0.3 |
References
- https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6Patch, Third Party Advisory
- https://github.com/daltoniam/Starscream/releases/tag/2.0.4Release Notes, Third Party Advisory
- https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6Patch, Third Party Advisory
- https://github.com/daltoniam/Starscream/releases/tag/2.0.4Release Notes, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-7192?
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
How severe is CVE-2017-7192?
Severity scoring for CVE-2017-7192 is pending analysis. The EPSS model estimates a 1.91% probability of exploitation in the next 30 days.
How do I fix CVE-2017-7192?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-7192?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST