{"api_version":"1","generated_at":"2026-04-22T23:08:01+00:00","cve":"CVE-2017-12697","urls":{"html":"https://cve.report/CVE-2017-12697","api":"https://cve.report/api/cve/CVE-2017-12697.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-12697","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-12697"},"summary":{"title":"CVE-2017-12697","description":"A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-01-09 21:29:00","updated_at":"2019-10-09 23:23:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04","name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04","refsource":"MISC","tags":["Mitigation","Third Party Advisory","US Government Resource"],"title":"General Motors and Shanghai OnStar (SOS) iOS Client | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/102481","name":"102481","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-12697","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12697","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"12697","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gm","cpe5":"shanghai_onstar","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"12697","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gm","cpe5":"shanghai_onstar","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"iphone_os","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2017-12697","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"General Motors and Shanghai OnStar (SOS) iOS Client","version":{"version_data":[{"version_value":"General Motors and Shanghai OnStar (SOS) iOS Client"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-300"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04"},{"name":"102481","refsource":"BID","url":"http://www.securityfocus.com/bid/102481"}]}},"nvd":{"publishedDate":"2018-01-09 21:29:00","lastModifiedDate":"2019-10-09 23:23:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gm:shanghai_onstar:7.1:*:*:*:*:iphone_os:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"12697","Ordinal":"109847","Title":"CVE-2017-12697","CVE":"CVE-2017-12697","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"12697","Ordinal":"1","NoteData":"A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"12697","Ordinal":"2","NoteData":"2018-01-09","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"12697","Ordinal":"3","NoteData":"2018-01-12","Type":"Other","Title":"Modified"}]}}}