SB2018112803 - Spoofing attack in Sennheiser HeadSetup




Published: November 28, 2018

Security Bulletin ID: SB2018112803
CSH Severity: Low
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Spoofing attack (CVE-ID: CVE-2018-17612)

The vulnerability allows a remote attacker to conduct a spoofing attack.

The vulnerability exists due to an error when handling two inadvertently disclosed digital root certificates. A remote attacker can use these certificates to issue additional certificates for uses such as code signing and server authentication, to spoof content and to provide an update to the Certificate Trust List (CTL) to remove user-mode trust for the certificates.




Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.