CVE-2018-0691

Name: CVE-2018-0691
Creator: NVD / NIST
Published: 2018-11-15T15:29:00.91+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.67%

Last modified Jun 17, 2026

CVE-2018-0691 is a vulnerability of currently unknown severity. Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.. EPSS estimates a 0.67% chance of exploitation in the next 30 days.

Description

Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Metrics

EPSS Probability

0.67%

47.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-295

Affected Software

Vendor	Product	Versions
Kddi	\+ Message	< 1.0.6
Ntttocomo	\+ Message	< 42.40.2800
Softbank	\+ Message	< 10.1.7
Kddi	\+ Message	< 1.1.23
Ntt Tocomo	\+ Message	< 1.1.23
Softbank	\+ Message	< 1.1.23

References

http://jvn.jp/en/jp/JVN37288228/index.htmlThird Party Advisory
https://www.au.com/information/notice_mobile/service/2018-002/Patch, Vendor Advisory
https://www.nttdocomo.co.jp/info/notice/page/180927_00.htmlPatch, Vendor Advisory
https://www.softbank.jp/mobile/info/personal/news/service/20180927a/Patch, Vendor Advisory
http://jvn.jp/en/jp/JVN37288228/index.htmlThird Party Advisory
https://www.au.com/information/notice_mobile/service/2018-002/Patch, Vendor Advisory
https://www.nttdocomo.co.jp/info/notice/page/180927_00.htmlPatch, Vendor Advisory
https://www.softbank.jp/mobile/info/personal/news/service/20180927a/Patch, Vendor Advisory

Timeline

Published: Nov 15, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-0691?

How severe is CVE-2018-0691?

Severity scoring for CVE-2018-0691 is pending analysis. The EPSS model estimates a 0.67% probability of exploitation in the next 30 days.

How do I fix CVE-2018-0691?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-0691?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST