Vulnerability Details CVE-2018-18975
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-18975
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.24
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.44
-
cpe:2.3:a:ascensia:contour_diabetes:1.2.55
-
cpe:2.3:a:ascensia:contour_diabetes:1.3.0
-
cpe:2.3:a:ascensia:contour_diabetes:1.3.11
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.0
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.50
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.60
-
cpe:2.3:a:ascensia:contour_diabetes:1.4.75
-
cpe:2.3:a:ascensia:contour_diabetes:2.2.0
-
cpe:2.3:a:ascensia:contour_diabetes:2.2.5
-
cpe:2.3:a:ascensia:contour_diabetes:2.2.55
-
cpe:2.3:a:ascensia:contour_diabetes:2.3.0
-
cpe:2.3:a:ascensia:contour_diabetes:2.3.10
-
cpe:2.3:a:ascensia:contour_diabetes:2.3.20
-
cpe:2.3:a:ascensia:contour_diabetes:2.4.0
-
cpe:2.3:a:ascensia:contour_diabetes:2.4.10