CVE-2021-33982 - OpenCVE

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Myfwc	Fish \\| Hunt Fl

Configuration 1 [-]

cpe:2.3:a:myfwc:fish_\|_hunt_fl:*:*:*:*:*:iphone_os:*:*

No data.

References

Link	Providers
https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-08T16:52:37

Updated: 2024-08-04T00:05:52.400Z

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-33982

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-08T17:15:09.913

Modified: 2021-09-15T00:15:12.243

Link: CVE-2021-33982

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An insufficient session expiration vulnerability exists in the \"Fish | Hunt FL\" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-08T16:52:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33982", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An insufficient session expiration vulnerability exists in the \"Fish | Hunt FL\" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49", "refsource": "MISC", "url": "https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:05:52.400Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33982", "datePublished": "2021-09-08T16:52:37", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2024-08-04T00:05:52.400Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:myfwc:fish_\\|_hunt_fl:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "DD47BE7F-B480-4FD0-BE20-4ADB12C0A5CA", "versionEndIncluding": "3.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An insufficient session expiration vulnerability exists in the \"Fish | Hunt FL\" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de caducidad de sesi\u00f3n insuficiente en la aplicaci\u00f3n \"Fish | Hunt FL\" de iOS versi\u00f3n 3.8.0 y anteriores, que permite a un atacante remoto reusar, falsificar o robar otras sesiones de usuario y de administrador"}], "id": "CVE-2021-33982", "lastModified": "2021-09-15T00:15:12.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-08T17:15:09.913", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}