CVE-2021-40834
User interface Spoofing in F-Secure SAFE browser for Android
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A user interface overlay vulnerability was discovered in F-secure SAFE Browser for Android. When user click on a specially crafted seemingly legitimate URL SAFE browser goes into full screen and hides the user interface. A remote attacker can leverage this to perform spoofing attack.
Se ha detectado una vulnerabilidad de superposición de la interfaz de usuario en F-secure SAFE Browser para Android. Cuando el usuario hace clic en una URL aparentemente legítima especialmente diseñada, el navegador SAFE pasa a pantalla completa y oculta la interfaz de usuario. Un atacante remoto puede aprovechar esto para llevar a cabo un ataque de suplantación de identidad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-09-09 CVE Reserved
- 2021-12-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|