CVE-2017-10818

critical

Published 2017-08-04 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cryptographic key which may allow an attacker to alter the connection settings of Terminal Agent and spoof the Relay Service.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://www.intercom.co.jp/information/2017/0801.html

Application impact

Vendor	Product	Versions	Fixed
intercom	malion	`{"startIncluding":"3.2.1","endIncluding":"5.2.1"}`

References

http://www.intercom.co.jp/information/2017/0801.html
https://jvn.jp/en/vu/JVNVU91587298/index.html
http://www.intercom.co.jp/information/2017/0801.html
https://jvn.jp/en/vu/JVNVU91587298/index.html

CWEs

CWE-798

Verify integrity in audit chain (admin only). AS-IS.