PT-2022-12297 · Velneo · Velneo Vclient
Published: 2022-09-23 · Updated: 2023-07-21 · CVE-2021-45035
CVSS v3.1: 6.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Velneo vClient version 28.1.3
Description
The issue arises from the default behavior of Velneo vClient, which does not correctly check the certificate of authenticity. This could allow an attacker with network access to perform a Man-in-the-Middle (MITM) attack, potentially obtaining the user's credentials.
Recommendations
For Velneo vClient version 28.1.3, consider updating the configuration to correctly check the certificate of authenticity to prevent MITM attacks. As a temporary workaround, restrict network access to trusted sources until a proper fix is applied.
Fix
Improper Authentication
Improper Certificate Validation
Related Identifiers
Affected Products
Velneo Vclient