How severe is CVE-2017-11579?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2017-11579?

This is classified as CWE-254, which is a common weakness in software security.

CVE-2017-11579

HIGH Year: 2017

CVSS v3 Score

7.1

High

CVSS v2 Score

4.8

Medium

Weakness Type

CWE-254

View all →

Vulnerability Description

In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is in vicinity of Wireless signal generated by the Blipcare device to easily sniff the credentials. Also, an attacker can connect to the open wireless network "Blip" exposed by the device and modify the HTTP response presented to the user by the device to execute other attacks such as convincing the user to download and execute a malicious binary that would infect a user's computer or mobile device with malware.

CVE-2016-2867

HIGH

CVSS:7.0(High)

IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.

CWE-2542016

CVE-2016-10224

HIGH

CVSS:7.2(High)

An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is va...

CWE-2542016

CVE-2016-0896

HIGH

CVSS:7.3(High)

Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intende...

CWE-2542016

CVE-2016-3102

HIGH

CVSS:7.3(High)

The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array...

CWE-2542016

CVE-2016-8310

HIGH

CVSS:7.3(High)

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2...

CWE-2542016

CVE-2016-8502

HIGH

CVSS:7.3(High)

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special Ja...

CWE-2542016

CVE-2017-11579

Vulnerability Description

Related Vulnerabilities

CVE-2016-2867

CVE-2016-10224

CVE-2016-0896

CVE-2016-3102

CVE-2016-8310

CVE-2016-8502