MidnightBSD

Advisories for sennheiser

CVE-2018-17612 MEDIUM

Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
microsoft windows_server_2008 -
microsoft windows_10 1709
microsoft windows_7 -
microsoft windows_server_2012 r2
microsoft windows_server_2012 -
microsoft windows_10 1809
microsoft windows_10 1803
microsoft windows_server_2016 1803
microsoft windows_8.1 -
microsoft windows_server_2016 1709
microsoft windows_server_2019 -
sennheiser headsetup 7.3.4903
microsoft windows_server_2016 -
microsoft windows_10 1607
microsoft windows_10 1703
microsoft windows_rt_8.1 -
microsoft windows_server_2008 r2
microsoft windows_10 -