Lucene search

[email protected]NVD:CVE-2021-33982

HistorySep 08, 2021 - 5:15 p.m.

CVE-2021-33982

2021-09-0817:15:09

CWE-613

[email protected]

web.nvd.nist.gov

vulnerability

session expiration

remote attacker

user sessions

admin sessions

ios app

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

55.4%

JSON

An insufficient session expiration vulnerability exists in the “Fish | Hunt FL” iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

Affected configurations

Nvd

Node

myfwcfish_\|_hunt_flRange≤3.8.0iphone_os

VendorProductVersionCPE
myfwcfish_\|_hunt_fl*cpe:2.3:a:myfwc:fish_\|_hunt_fl:*:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
myfwc	fish_\\|_hunt_fl	*	cpe:2.3:a:myfwc:fish_\\|_hunt_fl::::::iphone_os::*

References

gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

55.4%

JSON

Related for NVD:CVE-2021-33982

prion1 cve1 cvelist1