CPE matches: cpe:2.3:a:naranjascontocados:naranjas_con_tocados:0.1:*:*:*:*:android:*:*
The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- Limited modification of data and/or system files.
- Limited access to information.
- Reduced performance (partial DoS).
- Attacking requires physical proximity to the network and can be done by anyone (requires no authentication).
- Human user action interaction is required for the attack.
Damage and attack conditions obtained from AV:A/AC:M/Au:N/C:P/I:P/A:P (CVSSv2)