Lucene search

INCIBECVELIST:CVE-2021-45035

HistorySep 16, 2022 - 12:00 a.m.

CVE-2021-45035 Velneo vClient Improper authentication

2022-09-1600:00:00

CWE-287

INCIBE

www.cve.org

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

CNA Affected

[
  {
    "product": "Velneo vClient",
    "vendor": "Velneo",
    "versions": [
      {
        "status": "affected",
        "version": "28.1.3"
      }
    ]
  }
]

References

doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados

velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/

www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication

www.velneo.com/blog/nueva-revision-velneo-29-2

6.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

JSON

Related for CVELIST:CVE-2021-45035