Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.
{"id": "CVE-2021-33879", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-33879", "description": "Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only integrity check would be a comparison of the downloaded file's MD5 checksum to the one contained within the XML document, the downloaded executable would then be executed on the victim's machine.", "published": "2021-06-06T20:15:00", "modified": "2021-06-15T18:27:00", "epss": [{"cve": "CVE-2021-33879", "epss": 0.00204, "percentile": 0.56956, "modified": "2023-05-23"}], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33879", "reporter": "cve@mitre.org", "references": ["https://github.com/mmiszczyk/cve-2021-33879", "https://www.gameloop.com"], "cvelist": ["CVE-2021-33879"], "immutableFields": [], "lastseen": "2023-05-23T15:29:30", "viewCount": 47, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["55AE9A7E-6A75-5D39-9A50-890FAA2B30D9"]}], "rev": 4}, "score": {"value": 1.2, "vector": "NONE"}, "twitter": {"counter": 7, "modified": "2021-06-08T07:48:23", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1405006067768102920", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-33879 (gameloop)) has been published on https://t.co/KS3ZIvITma?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1401952173248950277", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-33879) has been published on https://t.co/EWgCGd52dw?amp=1"}, {"link": "https://twitter.com/threatmeter/status/1401798613102125056", "text": "CVE-2021-33879 Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one poi\u2026 https://t.co/e2qMVYS7ve?amp=1"}, {"link": "https://twitter.com/threatmeter/status/1401798613102125056", "text": "CVE-2021-33879 Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one poi\u2026 https://t.co/e2qMVYS7ve?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1405006052362526725", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-33879 (gameloop)) has been published on https://t.co/whI5myN3Gu?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1401952170921140231", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-33879) has been published on https://t.co/4Aal2MaVwF?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1404876461203464195", "text": " NEW: CVE-2021-33879 Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an upda... (click for more) Severity: HIGH https://t.co/jfDOGB8eP3?amp=1"}]}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["55AE9A7E-6A75-5D39-9A50-890FAA2B30D9"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "tencent gameloop", "version": 4}]}, "epss": [{"cve": "CVE-2021-33879", "epss": 0.00204, "percentile": 0.56882, "modified": "2023-05-07"}], "vulnersScore": 1.2}, "_state": {"dependencies": 1684860795, "score": 1684856002, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "5e734943ddb17effafdc941183c39c2d"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-494"], "affectedSoftware": [{"cpeName": "tencent:gameloop", "version": "4.1.21.90", "operator": "lt", "name": "tencent gameloop"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:tencent:gameloop:4.1.21.90:*:*:*:*:*:*:*", "versionEndExcluding": "4.1.21.90", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/mmiszczyk/cve-2021-33879", "name": "https://github.com/mmiszczyk/cve-2021-33879", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.gameloop.com", "name": "https://www.gameloop.com", "refsource": "MISC", "tags": ["Vendor Advisory"]}], "product_info": [{"vendor": "Tencent", "product": "Gameloop"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": []}