CVE-2021-45035

low-risk

Published 2022-09-23

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Vclient

Affected Vendors

Velneo

References (8)

Vendor Advisory https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certifica...

Vendor Advisory https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/

Third Party Advisory https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-i...

Vendor Advisory https://www.velneo.com/blog/nueva-revision-velneo-29-2

Vendor Advisory https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certifica...

Vendor Advisory https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035/

Third Party Advisory https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-i...

Vendor Advisory https://www.velneo.com/blog/nueva-revision-velneo-29-2

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal