Search
Find a vulnerability
Search criteria
3 vulnerabilities by mitsubishicars
VAR-201410-0592
Vulnerability from variot - Updated: 2025-04-13 19:51The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. AppsGeyser Online Android A tool for creating applications. On the developer site, 2014 Year 12 Moon 22 As of the day 130 Over 10,000 Android Application AppsGeyser It is stated that it was created by. AppsGeyser Created with Android The application includes HTTPS In communication SSL Contains code to disable server certificate validation.AppsGeyser If you use an application created in Android A third party on the same network as the device may view or alter the communication content of the product. plural Android The app includes SSL A vulnerability exists that does not properly validate certificates. CERT/CC Then CERT Tapioca Was used to investigate this vulnerability. For details of the survey method, CERT/CC blog Please confirm. In addition, regarding this vulnerability, CERT Oracle Secure Coding Standard for Java of DRD19-J. Properly verify server certificate on SSL/TLS See also CERT Tapioca https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS https://www.securecoding.cert.org/confluence/x/CQAJCMan-in-the-middle attacks, although the impact depends on the behavior of the app (man-in-the-middle attack) By HTTPS Network traffic that should be protected by may be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0592",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mitsubishi road assist",
"scope": "eq",
"trust": 1.6,
"vendor": "mitsubishicars",
"version": "1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "appsgeyser",
"version": null
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.8,
"vendor": "besttoolbars",
"version": "created with android application"
},
{
"model": "mitsubishi road assist",
"scope": "eq",
"trust": 0.8,
"vendor": "mitsubishicars",
"version": "1.0"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "road assist mitsubishi road assist application for android",
"scope": "eq",
"trust": 0.6,
"vendor": "mitsubishi",
"version": "1.0"
},
{
"model": "appsgeyser",
"scope": "eq",
"trust": 0.3,
"vendor": "appsgeyser",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mitsubishi road assist",
"version": "1"
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:besttoolbars:appsgeyser",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Dormann of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "71760"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.9
},
"cve": "CVE-2014-7486",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2014-7486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-004043",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2014-07783",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7486",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-7486",
"trust": 0.8,
"value": "Medium"
},
{
"author": "IPA",
"id": "JVNDB-2014-004043",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-07783",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-871",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. AppsGeyser Online Android A tool for creating applications. On the developer site, 2014 Year 12 Moon 22 As of the day 130 Over 10,000 Android Application AppsGeyser It is stated that it was created by. AppsGeyser Created with Android The application includes HTTPS In communication SSL Contains code to disable server certificate validation.AppsGeyser If you use an application created in Android A third party on the same network as the device may view or alter the communication content of the product. plural Android The app includes SSL A vulnerability exists that does not properly validate certificates. CERT/CC Then CERT Tapioca Was used to investigate this vulnerability. For details of the survey method, CERT/CC blog Please confirm. In addition, regarding this vulnerability, CERT Oracle Secure Coding Standard for Java of DRD19-J. Properly verify server certificate on SSL/TLS See also CERT Tapioca https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm CERT/CC blog https://www.cert.org/blogs/certcc/post.cfm?EntryID=204 DRD19-J. Properly verify server certificate on SSL/TLS https://www.securecoding.cert.org/confluence/x/CQAJCMan-in-the-middle attacks, although the impact depends on the behavior of the app (man-in-the-middle attack) By HTTPS Network traffic that should be protected by may be viewed or tampered with. As a result, authentication information may be obtained or arbitrary code may be executed. An attacker could use this vulnerability to perform a man-in-the-middle attack and impersonate a trusted server",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7486"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 6.03
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#582497",
"trust": 4.9
},
{
"db": "NVD",
"id": "CVE-2014-7486",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#1680209",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU90369988",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#345425",
"trust": 1.6
},
{
"db": "BID",
"id": "71760",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-07783",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95399358",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505",
"trust": 0.6
},
{
"db": "IVD",
"id": "C19B48D0-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"id": "VAR-201410-0592",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
}
]
},
"last_update_date": "2025-04-13T19:51:21.816000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security with HTTPS and SSL",
"trust": 0.8,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"title": "AppsGeyser",
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"title": "com.agero.mitsubishi",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.agero.mitsubishi"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"trust": 4.0,
"url": "https://docs.google.com/spreadsheets/d/1t5gxwjw82syunalvjb2w0zi3folrikfgpc7amjrf0r4/edit?usp=sharing"
},
{
"trust": 1.6,
"url": "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html"
},
{
"trust": 1.6,
"url": "http://developer.android.com/training/articles/security-ssl.html"
},
{
"trust": 1.6,
"url": "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p49.pdf"
},
{
"trust": 1.6,
"url": "http://android-ssl.org/files/p50-fahl.pdf"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 1.6,
"url": "http://cwe.mitre.org/data/definitions/296.html"
},
{
"trust": 1.6,
"url": "http://jvn.jp/vu/jvnvu90369988/index.html"
},
{
"trust": 1.6,
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7486"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/1680209"
},
{
"trust": 0.8,
"url": "http://www.appsgeyser.com/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95399358/index.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7486"
},
{
"trust": 0.8,
"url": "https://www.securecoding.cert.org/confluence/pages/viewpage.action;jsessionid=38139e999b01085a7ae8552ac02eac05?pageid=134807561"
},
{
"trust": 0.8,
"url": "https://www.cert.org/vulnerability-analysis/tools/cert-tapioca.cfm"
},
{
"trust": 0.8,
"url": "https://www.cert.org/blogs/certcc/post.cfm?entryid=204"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/about/press/20140919_1.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/71760"
},
{
"trust": 0.3,
"url": "http://www.appsgeyser.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"db": "CERT/CC",
"id": "VU#582497"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"db": "BID",
"id": "71760"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-03T00:00:00",
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-12-19T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2014-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"date": "2014-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"date": "2014-10-20T10:55:07.920000",
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "CERT/CC",
"id": "VU#1680209"
},
{
"date": "2016-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#582497"
},
{
"date": "2014-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-07783"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71760"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007349"
},
{
"date": "2014-12-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-006952"
},
{
"date": "2014-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004043"
},
{
"date": "2014-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-505"
},
{
"date": "2014-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-871"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7486"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mitsubishi Road Assist application for Android Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c19b48d0-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-07783"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-505"
}
],
"trust": 0.6
}
}
CVE-2014-7486 (GCVE-0-2014-7486)
Vulnerability from nvd – Published: 2014-10-20 10:00 – Updated: 2024-08-06 12:47
VLAI
Summary
The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/582497 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/345425 | third-party-advisoryx_refsource_CERT-VN |
| https://docs.google.com/spreadsheets/d/1t5GXwjw82… | x_refsource_MISC |
Date Public
2014-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:33.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#345425",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-20T01:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#345425",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#345425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-7486",
"datePublished": "2014-10-20T10:00:00.000Z",
"dateReserved": "2014-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:33.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7486 (GCVE-0-2014-7486)
Vulnerability from cvelistv5 – Published: 2014-10-20 10:00 – Updated: 2024-08-06 12:47
VLAI
Summary
The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/582497 | third-party-advisoryx_refsource_CERT-VN |
| http://www.kb.cert.org/vuls/id/345425 | third-party-advisoryx_refsource_CERT-VN |
| https://docs.google.com/spreadsheets/d/1t5GXwjw82… | x_refsource_MISC |
Date Public
2014-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:47:33.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#345425",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-20T01:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#345425",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-7486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "VU#345425",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/345425"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-7486",
"datePublished": "2014-10-20T10:00:00.000Z",
"dateReserved": "2014-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:47:33.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}