← back
CVE-2024-27440

CVE-2024-27440

CVSS 4.8 MEDIUMEPSS 0.2%CWE-295
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Mar 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
Toyoko Inn IT Solution Co., Ltd. · Toyoko Inn official App for AndroidToyoko Inn IT Solution Co., Ltd. · Toyoko Inn official App for iOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270https://jvn.jp/en/jp/JVN52919306/https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid