PT-2019-9681 · Ascensia · Ascensia Contour Next One

Published

2019-05-06

Updated

2019-05-08

CVE-2018-18977

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ascensia Contour NEXT ONE application for Android versions prior to 2019-01-15

Description An issue in the Ascensia Contour NEXT ONE application allows an attacker to reverse engineer the codebase and extract sensitive data, potentially disclosing medical information of patients. This is due to weak obfuscation.

Recommendations For versions prior to 2019-01-15, update the application to a version released after 2019-01-15 to ensure the issue is resolved.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-18977

Affected Products

Ascensia Contour Next One

PT-2019-9681 · Ascensia · Ascensia Contour Next One

CVE-2018-18977

Weakness Enumeration

Related Identifiers

Affected Products

References · 3