CVE-2016-2268

Published on: 02/08/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:16 PM UTC

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Certain versions of Secureworks from Dell contain the following vulnerability:

Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2016-2268 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.8 - MEDIUM

Attack Vector | Attack Complexity | Privileges Required | User Interaction
NETWORK | HIGH | NONE | NONE

Scope | Confidentiality Impact | Integrity Impact | Availability Impact
CHANGED | NONE | HIGH | NONE

CVSS2 Score: 5.8 - MEDIUM

Access Vector | Access Complexity | Authentication
NETWORK | MEDIUM | NONE

Confidentiality Impact | Integrity Impact | Availability Impact
PARTIAL | PARTIAL | NONE

CVE References

Description | Tags | Link
Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-2268) - Info-Sec.CA (www.info-sec.ca) | | MISC www.info-sec.ca/advisories/Dell-SecureWorks.html
Full Disclosure: Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability (seclists.org) | | FULLDISC 20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability
Secureworks Mobile on the App Store (itunes.apple.com) | Patch | CONFIRM itunes.apple.com/us/app/dell-secureworks/id533072046
Dell SecureWorks iOS Certificate Validation Failure ≈ Packet Storm (packetstormsecurity.com) | | MISC packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html
SecurityFocus (www.securityfocus.com) | | BUGTRAQ 20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Application Dell Secureworks 2.0.6 All All All
  • cpe:2.3:a:dell:secureworks:2.0.6:*:*:*:*:iphone_os:*:*: