Spoofing attack in HeadSetup - CVE-2018-17612

 


Published: November 27, 2018 / Updated: November 28, 2018


Vulnerability identifier: #VU16141
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-17612
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sennheiser
Affected software:
HeadSetup

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct a spoofing attack.

The vulnerability exists due to an error when handling two inadvertently disclosed digital root certificates. A remote attacker can use these certificates to issue additional certificates for uses such as code signing and server authentication, to spoof content, and to provide an update to the Certificate Trust List (CTL) to remove user-mode trust for the certificates.




How to mitigate CVE-2018-17612

The recommended solution is to procure a locally trusted TLS server certificate for the local secure web socket in a way that eliminates all the described vulnerabilities.

During installation of the software:

 - Create a new public/private key pair that is individual for each installed instance of the software.
 - Create an associated self-signed certificate for CN 127.0.0.1 which is marked as TLS server certificate, but not as CA certificate, using the respective standard certificate extensions.
 - Push that certificate to the local machine trusted people certificate store (not the trusted root store).
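
The three installation steps above, sketched in PowerShell as an added example (not Sennheiser's installer code and not part of the original advisory). The key size, validity period, the subject alternative name entry and the temporary file name are assumptions chosen for illustration; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values: RSA 2048, 2-year validity, SAN entry, temp file name.

$extensions = @(
    '2.5.29.19={text}',                     # Basic Constraints: end entity, not a CA
    '2.5.29.37={text}1.3.6.1.5.5.7.3.1',    # EKU: TLS server authentication only
    '2.5.29.17={text}IPAddress=127.0.0.1'   # SAN for loopback (assumption, not in the advisory)
)

# Steps 1 and 2: a key pair generated on this machine only, with a
# self-signed certificate for CN 127.0.0.1. The private key is non-exportable.
$cert = New-SelfSignedCertificate -Type Custom -Subject 'CN=127.0.0.1' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature, KeyEncipherment -KeyExportPolicy NonExportable `
    -TextExtension $extensions -NotAfter (Get-Date).AddYears(2) `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# Check the extensions before trusting the certificate: it must not be a CA
# and must carry exactly one EKU, server authentication.
$x509 = 'System.Security.Cryptography.X509Certificates'
$bc  = $cert.Extensions | Where-Object { $_ -is "$x509.X509BasicConstraintsExtension" }
$eku = $cert.Extensions | Where-Object { $_ -is "$x509.X509EnhancedKeyUsageExtension" }
if (-not $bc -or $bc.CertificateAuthority) {
    throw 'Certificate is missing Basic Constraints or is marked as a CA.'
}
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekuOids.Count -ne 1 -or $ekuOids[0] -ne '1.3.6.1.5.5.7.3.1') {
    throw 'Certificate EKU is not limited to TLS server authentication.'
}

# Step 3: trust only the public certificate, and only in Trusted People.
$cerFile = Join-Path $env:TEMP "$($cert.Thumbprint).cer"
Export-Certificate -Cert $cert -FilePath $cerFile | Out-Null
Import-Certificate -FilePath $cerFile `
    -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople' | Out-Null
Remove-Item $cerFile

# The certificate must never appear in the trusted root store.
if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
    throw 'Certificate was found in the trusted root store.'
}
```

Because the key pair is generated per installation and the certificate cannot sign other certificates, disclosure of one machine's key does not let anyone issue certificates that other machines trust.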
