Description
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
CVSS breakdown
CVSS 3.1
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None
Affected products
- AliveCor / Kardia App0 – 5.17.1-754993421
References
- VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01