CVE-2018-18978

Name of the Vulnerable Software and Affected Versions Ascensia Contour NEXT ONE application for Android versions prior to 2019-01-15

Description The issue concerns a statically coded encryption key in the application. This key can be extracted, allowing an attacker to decipher communications between the application and the backend server. If combined with another vulnerability that allows access to encrypted user data from the Ascensia cloud, an attacker could obtain and modify patient medical information.

Recommendations For versions prior to 2019-01-15, update the application to a version released after 2019-01-15 to ensure the encryption key is no longer statically coded and to mitigate the risk of data modification.