CVE-2018-18979

Name of the Vulnerable Software and Affected Versions Ascensia Contour NEXT ONE application for Android versions prior to 2019-01-15

Description The issue concerns a statically coded initialization vector in the application, which can be extracted to decipher communications between the application and the backend server. If combined with another vulnerability that allows retrieving encrypted user data from the Ascensia cloud, an attacker could obtain and modify patient medical information.

Recommendations For versions prior to 2019-01-15, update the application to a version released after 2019-01-15 to resolve the issue. As a temporary workaround, consider restricting access to sensitive patient data until the update is applied.