CVE-2018-18908

Severity: Unknown | EPSS: 0.56%

CVE-2018-18908 is a vulnerability of currently unknown severity. The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to man-in-the-middle (MitM) attacks, whereby an attacker would be able to obtain the data sent in these requests. EPSS estimates a 0.56% chance of exploitation in the next 30 days.

Description

The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to man-in-the-middle (MitM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

Metrics

EPSS Probability: 0.56% (42.4th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Sky | Sky Go | >= 1.0.19-1, <= 1.0.23-1

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2018-18908?
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to man-in-the-middle (MitM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username.

How severe is CVE-2018-18908?
Severity scoring for CVE-2018-18908 is pending analysis. The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.

How do I fix CVE-2018-18908?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST