CVE-2024-44097

State: PUBLISHED · Published: 2024-10-02 · Updated: 2024-10-02 · Assigner: Google_Devices

Description

According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could the either send the client a malicious response, or forward the (possibly modified) data to the real server."

CWE

CWE-269 — CWE-269 Improper Privilege Management

Affected

Google / Android — v=unknown [affected]

CVSS

(none)

References

https://support.google.com/product-documentation/answer/14950962?sjid=9489879942601373169-NA

Source

cvelistV5-main/cves/2024/44xxx/CVE-2024-44097.json