CVE-2022-21170 - OpenCVE

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Daj	Dspa-15000 M5 Dspa-2000 M4 Dspa-4000 M4 Dspa-7000 M5 I-filter I-filter Browser \& Cloud Multiagent

Configuration 1 [-]

cpe:2.3:a:daj:i-filter_browser_\&_cloud_multiagent:*:*:*:*:*:windows:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:h:daj:dspa-15000_m5:3:::::::*
	cpe:2.3:h:daj:dspa-15000_m5:4:::::::*
	cpe:2.3:h:daj:dspa-2000_m4:4:::::::*
	cpe:2.3:h:daj:dspa-4000_m4:4:::::::*
	cpe:2.3:h:daj:dspa-7000_m5:3:::::::*
	cpe:2.3:h:daj:dspa-7000_m5:4:::::::*

OR	cpe:2.3:a:daj:i-filter::::::::
	cpe:2.3:a:daj:i-filter::::::::

No data.

References

Link	Providers
https://download.daj.co.jp/user/dspa/V3/
https://download.daj.co.jp/user/dspa/V4/
https://download.daj.co.jp/user/ifb/
https://download.daj.co.jp/user/ifilter/V10/
https://download.daj.co.jp/user/ifilter/V9/
https://jvn.jp/en/jp/JVN33214411/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2022-03-07T09:00:37

Updated: 2024-08-03T02:31:59.738Z

Reserved: 2022-01-31T00:00:00

Link: CVE-2022-21170

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-10T17:45:10.083

Modified: 2022-03-16T17:04:47.047

Link: CVE-2022-21170

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER", "vendor": "Digital Arts Inc.", "versions": [{"status": "affected", "version": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"}]}], "descriptions": [{"lang": "en", "value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."}], "problemTypes": [{"descriptions": [{"description": "Improper check for certificate revocation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-07T09:00:37", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/ifb/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-21170", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER", "version": {"version_data": [{"version_value": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"}]}}]}, "vendor_name": "Digital Arts Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper check for certificate revocation"}]}]}, "references": {"reference_data": [{"name": "https://download.daj.co.jp/user/ifilter/V10/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"name": "https://download.daj.co.jp/user/ifilter/V9/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"name": "https://download.daj.co.jp/user/ifb/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/ifb/"}, {"name": "https://download.daj.co.jp/user/dspa/V4/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"name": "https://download.daj.co.jp/user/dspa/V3/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"name": "https://jvn.jp/en/jp/JVN33214411/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:31:59.738Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.daj.co.jp/user/ifb/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-21170", "datePublished": "2022-03-07T09:00:37", "dateReserved": "2022-01-31T00:00:00", "dateUpdated": "2024-08-03T02:31:59.738Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:daj:i-filter_browser_\\&_cloud_multiagent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0A067113-D8E7-44A5-8B94-C60259A003DD", "versionEndIncluding": "4.93r04", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:daj:dspa-15000_m5:3:*:*:*:*:*:*:*", "matchCriteriaId": "9D48721B-0841-49AB-BD04-2C48F4C23EEC", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-15000_m5:4:*:*:*:*:*:*:*", "matchCriteriaId": "A5B5073D-2359-4A37-B203-D45799BA9045", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-2000_m4:4:*:*:*:*:*:*:*", "matchCriteriaId": "950E990E-8809-4E06-BCD3-9AE4DE613B01", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-4000_m4:4:*:*:*:*:*:*:*", "matchCriteriaId": "2D521EF9-C517-4114-8AA8-0DD78BE19476", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-7000_m5:3:*:*:*:*:*:*:*", "matchCriteriaId": "45FC586C-85E6-469D-8A4E-C145E60B3109", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-7000_m5:4:*:*:*:*:*:*:*", "matchCriteriaId": "399E9A87-DF61-4B0C-8134-3912E8161904", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8322913-9EC0-4A2C-BB6E-CED5BA681B6F", "versionEndIncluding": "9.50r10", "vulnerable": true}, {"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEEBABB4-18EA-47A8-A421-B6733EB2C9AD", "versionEndIncluding": "10.45r01", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."}, {"lang": "es", "value": "Una comprobaci\u00f3n inapropiada de la revocaci\u00f3n de certificados en i-FILTER Versiones 10.45R01 y anteriores, i-FILTER Versiones 9.50R10 y anteriores, i-FILTER Browser & Cloud MultiAgent para Windows Versiones 4.93R04 y anteriores, y D-SPA (Versi\u00f3n 3 / Versi\u00f3n 4) usando i-FILTER permite a un atacante remoto no autenticado realizar un ataque de tipo man-in-the-middle y espiar una comunicaci\u00f3n cifrada"}], "id": "CVE-2022-21170", "lastModified": "2022-03-16T17:04:47.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:45:10.083", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/ifb/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}