CVE-2021-45035

Sažetak

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

Reference

https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication
https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/
https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados
https://www.velneo.com/blog/nueva-revision-velneo-29-2

CVSS

Base:	5.9
Impact:	3.6
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

21-07-2023 - 16:44

Objavljeno

23-09-2022 - 16:15