← back
CVE-2021-45035

Velneo vClient Improper authentication

CVSS 6.3 MEDIUMEPSS 0.4%CWE-287
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Affected products
Velneo · Velneo vClient

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificadoshttps://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authenticationhttps://www.velneo.com/blog/nueva-revision-velneo-29-2