CVE-2017-10818

9.8 CRITICAL

📋 TL;DR

MaLion for Windows and Mac versions 3.2.1 to 5.2.1 use a hardcoded cryptographic key, allowing attackers to modify Terminal Agent connection settings and spoof the Relay Service. This affects all users running vulnerable versions of MaLion communication software.

💻 Affected Systems

Products:
  • MaLion for Windows
  • MaLion for Mac
Versions: 3.2.1 to 5.2.1
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of MaLion communications allowing man-in-the-middle attacks, data interception, and potential credential theft from all connected systems.

🟠 Likely Case

Attackers redirect communications to malicious servers, intercept sensitive data, and potentially gain unauthorized access to connected systems.

🟢 If Mitigated

Limited impact if network segmentation prevents external access to MaLion services and strict outbound firewall rules are in place.

🌐 Internet-Facing: HIGH - If MaLion services are exposed to the internet, attackers can easily exploit the hardcoded key to intercept or manipulate communications.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability to intercept sensitive communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to MaLion services but uses a known hardcoded key, making attacks straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2.2 or later

Vendor Advisory: http://www.intercom.co.jp/information/2017/0801.html

Restart Required: Yes

Instructions:

1. Download MaLion version 5.2.2 or later from the official vendor site.
2. Install the update following vendor instructions.
3. Restart all MaLion services and affected systems.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate MaLion services from untrusted networks to prevent external exploitation.

Firewall Restrictions (all platforms)

Implement strict firewall rules to limit access to MaLion services only to trusted IP addresses.

🧯 If You Can't Patch

  • Segment MaLion services on isolated network segments with strict access controls
  • Monitor network traffic for unusual connections to/from MaLion services

🔍 How to Verify

Check if Vulnerable:

Check MaLion version in application settings or About dialog. Versions 3.2.1 through 5.2.1 are vulnerable.

Check Version:

Check MaLion application menu → About or version information in program files

Verify Fix Applied:

Verify MaLion version is 5.2.2 or later and check that cryptographic operations use unique keys instead of hardcoded values.
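
An added example (not vendor code) that applies the version range above to an exported software inventory. Versions are compared as integer tuples so that 5.10.0 sorts after 5.2.1. The CSV column names and hosts are constructed, and treating a fourth version component as a build number is an assumption.

```python
import csv
import io
import re

# Range from this advisory: 3.2.1 through 5.2.1 vulnerable, 5.2.2 or later fixed.
FIRST_VULNERABLE = (3, 2, 1)
LAST_VULNERABLE = (5, 2, 1)

def parse_version(text):
    """Return (major, minor, patch), or None when the string is not dotted-numeric."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    # Assumption: a fourth component is a build number, so 5.2.1.7 is still 5.2.1.
    return tuple((parts + [0, 0])[:3])

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"        # unreadable: verify by hand in the About dialog
    if v < FIRST_VULNERABLE:
        return "not-listed"     # older than the range this advisory covers
    if v <= LAST_VULNERABLE:
        return "vulnerable"
    return "fixed"

def triage(inventory_csv):
    """Map each host in a 'host,os,malion_version' CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["malion_version"]) for r in rows}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """\
host,os,malion_version
ws-001,Windows,3.2.1
ws-002,Windows,5.2.1
mac-003,macOS,5.2.2
ws-004,Windows,5.10.0
ws-005,Windows,5.2.1.7
mac-006,macOS,
ws-007,Windows,3.2.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `unknown` should be checked manually rather than assumed patched.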

📡 Detection & Monitoring

Log Indicators:

  • Unusual connection attempts to MaLion services
  • Changes to MaLion configuration files
  • Failed authentication attempts from unexpected sources

Network Indicators:

  • Unexpected connections to MaLion Relay Service ports
  • Traffic redirection to unknown servers
  • Unencrypted or suspiciously encrypted communications

SIEM Query:

source="malion*" AND (event_type="config_change" OR dest_ip NOT IN [trusted_ips])
