How severe is CVE-2022-41627?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2022-41627?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2022-41627 - HIGH Severity | CVSS 7.6

Vulnerability Description

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.

Related Vulnerabilities

CVE-2007-4961

HIGH

CVSS:7.5(High)

The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd fie...

CWE-3112007

CVE-2016-10598

HIGH

CVSS:7.5(High)

arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code ...

CWE-3112016

CVE-2016-10608

HIGH

CVSS:7.5(High)

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execut...

CWE-3112016

CVE-2017-12817

HIGH

CVSS:7.5(High)

In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.

CWE-3112017

CVE-2017-15581

HIGH

CVSS:7.5(High)

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a ...

CWE-3112017

CVE-2017-15609

HIGH

CVSS:7.5(High)

Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.

CWE-3112017