Search criteria
3 vulnerabilities found for secureworks by dell
VAR-201602-0073
Vulnerability from variot - Updated: 2025-04-13 23:26Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Dell SecureWorks is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. Dell SecureWorks 2.0.6 and prior versions are vulnerable. The Dell SecureWorks app for iOS is a set of mobile applications based on the iOS system of Dell in the United States for accessing the security information of Dell SecureWorks. The program supports rapid response to security incidents and comments, updates, etc. on critical security incidents.
Impact
An attacker who can perform a man in the middle attack may present a bogus SSL certificate which the application will accept silently. Usernames, passwords and sensitive information could be captured by an attacker without the user's knowledge.
Timeline
October 4, 2015 - Notified Dell SecureWorks via security@secureworks.com & security@dell.com October 6, 2015 - Dell SecureWorks responded stating that they are investigating October 15, 2015 - Dell SecureWorks asked for steps to reproduce the vulnerability October 15, 2015 - Provided steps to reproduce October 22, 2015 - Dell SecureWorks confirmed the vulnerability October 22, 2015 - Asked for a timeline to release the new version October 26, 2015 - Dell SecureWorks responded stating they are working on an update but do not have a timeline February 2, 2016 - Dell SecureWorks released version 2.1 which resolves this vulnerability
Solution
Upgrade to version 2.1 or later
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secureworks",
"scope": "eq",
"trust": 1.6,
"vendor": "dell",
"version": "2.0.6"
},
{
"model": "mobile application",
"scope": "lt",
"trust": 0.8,
"vendor": "dell secureworks",
"version": "2.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:dellsecureworks_secureworks",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Coomber",
"sources": [
{
"db": "BID",
"id": "82655"
},
{
"db": "PACKETSTORM",
"id": "135617"
}
],
"trust": 0.4
},
"cve": "CVE-2016-2268",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-2268",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-91087",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-2268",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2268",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-2268",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-168",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91087",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Dell SecureWorks is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. \nDell SecureWorks 2.0.6 and prior versions are vulnerable. The Dell SecureWorks app for iOS is a set of mobile applications based on the iOS system of Dell in the United States for accessing the security information of Dell SecureWorks. The program supports rapid response to security incidents and comments, updates, etc. on critical security incidents. \n\nImpact\n\nAn attacker who can perform a man in the middle attack may present a\nbogus SSL certificate which the application will accept silently. \nUsernames, passwords and sensitive information could be captured by an\nattacker without the user\u0027s knowledge. \n\nTimeline\n\nOctober 4, 2015 - Notified Dell SecureWorks via\nsecurity@secureworks.com \u0026 security@dell.com\nOctober 6, 2015 - Dell SecureWorks responded stating that they are investigating\nOctober 15, 2015 - Dell SecureWorks asked for steps to reproduce the\nvulnerability\nOctober 15, 2015 - Provided steps to reproduce\nOctober 22, 2015 - Dell SecureWorks confirmed the vulnerability\nOctober 22, 2015 - Asked for a timeline to release the new version\nOctober 26, 2015 - Dell SecureWorks responded stating they are working\non an update but do not have a timeline\nFebruary 2, 2016 - Dell SecureWorks released version 2.1 which\nresolves this vulnerability\n\nSolution\n\nUpgrade to version 2.1 or later\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2268"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "BID",
"id": "82655"
},
{
"db": "VULHUB",
"id": "VHN-91087"
},
{
"db": "PACKETSTORM",
"id": "135617"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2268",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "135617",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168",
"trust": 0.7
},
{
"db": "BID",
"id": "82655",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-91087",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91087"
},
{
"db": "BID",
"id": "82655"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "PACKETSTORM",
"id": "135617"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"id": "VAR-201602-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91087"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:26:39.614000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell SecureWorks",
"trust": 0.8,
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.secureworks.jp/"
},
{
"title": "Dell SecureWorks app for iOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60114"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.info-sec.ca/advisories/dell-secureworks.html"
},
{
"trust": 1.7,
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2016/feb/27"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/135617/dell-secureworks-ios-certificate-validation-failure.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2268"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2268"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/537445/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2016/feb/24"
},
{
"trust": 0.1,
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046)"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91087"
},
{
"db": "BID",
"id": "82655"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "PACKETSTORM",
"id": "135617"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91087"
},
{
"db": "BID",
"id": "82655"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"db": "PACKETSTORM",
"id": "135617"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-91087"
},
{
"date": "2016-02-03T00:00:00",
"db": "BID",
"id": "82655"
},
{
"date": "2016-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"date": "2016-02-05T17:22:22",
"db": "PACKETSTORM",
"id": "135617"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"date": "2016-02-08T19:59:09.783000",
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-91087"
},
{
"date": "2016-07-06T12:17:00",
"db": "BID",
"id": "82655"
},
{
"date": "2016-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001638"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-168"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2268"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS for Dell SecureWorks Vulnerability impersonating server in mobile application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001638"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-168"
}
],
"trust": 0.6
}
}
CVE-2016-2268 (GCVE-0-2016-2268)
Vulnerability from nvd – Published: 2016-02-08 19:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://itunes.apple.com/us/app/dell-secureworks/id533072046",
"refsource": "CONFIRM",
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"name": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/27"
},
{
"name": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html",
"refsource": "MISC",
"url": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2268",
"datePublished": "2016-02-08T19:00:00.000Z",
"dateReserved": "2016-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2268 (GCVE-0-2016-2268)
Vulnerability from cvelistv5 – Published: 2016-02-08 19:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/27"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Feb/27"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://itunes.apple.com/us/app/dell-secureworks/id533072046",
"refsource": "CONFIRM",
"url": "https://itunes.apple.com/us/app/dell-secureworks/id533072046"
},
{
"name": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135617/Dell-SecureWorks-iOS-Certificate-Validation-Failure.html"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537445/100/0/threaded"
},
{
"name": "20160203 Dell SecureWorks iOS Application - MITM SSL Certificate Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Feb/27"
},
{
"name": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html",
"refsource": "MISC",
"url": "http://www.info-sec.ca/advisories/Dell-SecureWorks.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2268",
"datePublished": "2016-02-08T19:00:00.000Z",
"dateReserved": "2016-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}