CVE-2021-33596 (GCVE-0-2021-33596)
Vulnerability from cvelistv5 – Published: 2021-08-05 19:26 – Updated: 2024-08-03 23:50
VLAI?
Summary
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
Severity ?
CWE
- Fake Apple login prompt in F-Secure SAFE browser for iOS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F-Secure | F-Secure Mobile Security |
Affected:
18.3x , < 18.4x
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"iOS"
],
"product": "F-Secure Mobile Security",
"vendor": "F-Secure",
"versions": [
{
"lessThan": "18.4x",
"status": "affected",
"version": "18.3x",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fake Apple login prompt in F-Secure SAFE browser for iOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T10:35:30",
"orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"shortName": "F-SecureUS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 18.4.x or newer from the App Store "
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Fake Apple login prompt in F-Secure SAFE browser for iOS",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-notifications-us@f-secure.com",
"ID": "CVE-2021-33596",
"STATE": "PUBLIC",
"TITLE": "Fake Apple login prompt in F-Secure SAFE browser for iOS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F-Secure Mobile Security",
"version": {
"version_data": [
{
"platform": "iOS",
"version_affected": "\u003c",
"version_name": "18.3x",
"version_value": "18.4x"
}
]
}
}
]
},
"vendor_name": "F-Secure"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fake Apple login prompt in F-Secure SAFE browser for iOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596"
},
{
"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories",
"refsource": "MISC",
"url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to version 18.4.x or newer from the App Store "
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f",
"assignerShortName": "F-SecureUS",
"cveId": "CVE-2021-33596",
"datePublished": "2021-08-05T19:26:50",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f-secure:safe:*:*:*:*:*:iphone_os:*:*\", \"versionEndExcluding\": \"18.4.272901\", \"matchCriteriaId\": \"0D793BD2-1CBF-492B-823B-F8CB0FF45476\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.\"}, {\"lang\": \"es\", \"value\": \"Mostrar la URL leg\\u00edtima en la barra de direcciones mientras se carga el contenido de otro dominio. Esto hace creer al usuario que el contenido es servido por un dominio leg\\u00edtimo. Una explotaci\\u00f3n de la vulnerabilidad requiere al usuario hacer clic en una URL especialmente dise\\u00f1ada, aparentemente leg\\u00edtima, conteniendo una redirecci\\u00f3n maliciosa insertada mientras se usa F-Secure Safe Browser for iOS\"}]",
"id": "CVE-2021-33596",
"lastModified": "2024-11-21T06:09:10.100",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-notifications-us@f-secure.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N\", \"baseScore\": 4.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-08-05T20:15:09.140",
"references": "[{\"url\": \"https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame\", \"source\": \"cve-notifications-us@f-secure.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\", \"source\": \"cve-notifications-us@f-secure.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596\", \"source\": \"cve-notifications-us@f-secure.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cve-notifications-us@f-secure.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1021\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-33596\",\"sourceIdentifier\":\"cve-notifications-us@f-secure.com\",\"published\":\"2021-08-05T20:15:09.140\",\"lastModified\":\"2024-11-21T06:09:10.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.\"},{\"lang\":\"es\",\"value\":\"Mostrar la URL leg\u00edtima en la barra de direcciones mientras se carga el contenido de otro dominio. Esto hace creer al usuario que el contenido es servido por un dominio leg\u00edtimo. Una explotaci\u00f3n de la vulnerabilidad requiere al usuario hacer clic en una URL especialmente dise\u00f1ada, aparentemente leg\u00edtima, conteniendo una redirecci\u00f3n maliciosa insertada mientras se usa F-Secure Safe Browser for iOS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-notifications-us@f-secure.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N\",\"baseScore\":4.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f-secure:safe:*:*:*:*:*:iphone_os:*:*\",\"versionEndExcluding\":\"18.4.272901\",\"matchCriteriaId\":\"0D793BD2-1CBF-492B-823B-F8CB0FF45476\"}]}]}],\"references\":[{\"url\":\"https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame\",\"source\":\"cve-notifications-us@f-secure.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\",\"source\":\"cve-notifications-us@f-secure.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596\",\"source\":\"cve-notifications-us@f-secure.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/business/support-and-downloads/security-advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…