Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ascensia Subscribe
Filtered by product Contour Diabetes
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18978 1 Ascensia 1 Contour Diabetes 2020-08-24 5.8 MEDIUM 7.4 HIGH
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded encryption key. Extraction of the encryption key is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.
CVE-2018-18979 1 Ascensia 1 Contour Diabetes 2020-08-24 5.8 MEDIUM 7.4 HIGH
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. It has a statically coded initialization vector. Extraction of the initialization vector is necessary for deciphering communications between this application and the backend server. This, in combination with retrieving any user's encrypted data from the Ascensia cloud through another vulnerability, allows an attacker to obtain and modify any patient's medical information.
CVE-2018-18976 1 Ascensia 1 Contour Diabetes 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.)
CVE-2018-18977 1 Ascensia 1 Contour Diabetes 2019-05-08 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Ascensia Contour NEXT ONE application for Android before 2019-01-15. An attacker may reverse engineer the codebase to extract sensitive data that contributes to the disclosure of medical information of patients utilizing the Ascensia platform. This occurs because of weak obfuscation.
CVE-2018-18975 1 Ascensia 1 Contour Diabetes 2019-05-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information.