Lucene search

[email protected]NVD:CVE-2021-45035

HistorySep 23, 2022 - 4:15 p.m.

CVE-2021-45035

2022-09-2316:15:10

CWE-287

CWE-295

[email protected]

web.nvd.nist.gov

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.8%

JSON

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

Affected configurations

NVD

Node

velneovclientMatch28.1.3

References

doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados

velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/

www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication

www.velneo.com/blog/nueva-revision-velneo-29-2

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

46.8%

JSON

Related for NVD:CVE-2021-45035

cvelist1 prion1 cve1 cnvd1