CVE-2022-21170 - OpenCVE

Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Daj	I-filter Browser \& Cloud Multiagent Dspa-2000 M4 Dspa-15000 M5 Dspa-7000 M5 I-filter Dspa-4000 M4

Configuration 1 [-]

cpe:2.3:a:daj:i-filter_browser_\&_cloud_multiagent:*:*:*:*:*:windows:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:daj:i-filter::::::::
	cpe:2.3:a:daj:i-filter::::::::

OR	cpe:2.3:h:daj:dspa-15000_m5:3:::::::*
	cpe:2.3:h:daj:dspa-15000_m5:4:::::::*
	cpe:2.3:h:daj:dspa-2000_m4:4:::::::*
	cpe:2.3:h:daj:dspa-4000_m4:4:::::::*
	cpe:2.3:h:daj:dspa-7000_m5:3:::::::*
	cpe:2.3:h:daj:dspa-7000_m5:4:::::::*

References

Link	Resource
https://download.daj.co.jp/user/dspa/V3/	Permissions Required Vendor Advisory
https://download.daj.co.jp/user/dspa/V4/	Permissions Required Vendor Advisory
https://download.daj.co.jp/user/ifb/	Permissions Required Vendor Advisory
https://download.daj.co.jp/user/ifilter/V10/	Permissions Required Vendor Advisory
https://download.daj.co.jp/user/ifilter/V9/	Permissions Required Vendor Advisory
https://jvn.jp/en/jp/JVN33214411/index.html	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2022-03-07T09:00:37

Updated: 2022-03-07T09:00:37

Reserved: 2022-01-31T00:00:00

Link: CVE-2022-21170

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-10T17:45:10.083

Modified: 2022-03-16T17:04:47.047

Link: CVE-2022-21170

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER", "vendor": "Digital Arts Inc.", "versions": [{"status": "affected", "version": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"}]}], "descriptions": [{"lang": "en", "value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."}], "problemTypes": [{"descriptions": [{"description": "Improper check for certificate revocation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-07T09:00:37", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/ifb/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"tags": ["x_refsource_MISC"], "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-21170", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "i-FILTER, i-FILTER Browser & Cloud MultiAgent for Windows, and D-SPA using i-FILTER", "version": {"version_data": [{"version_value": "i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER"}]}}]}, "vendor_name": "Digital Arts Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper check for certificate revocation"}]}]}, "references": {"reference_data": [{"name": "https://download.daj.co.jp/user/ifilter/V10/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"name": "https://download.daj.co.jp/user/ifilter/V9/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"name": "https://download.daj.co.jp/user/ifb/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/ifb/"}, {"name": "https://download.daj.co.jp/user/dspa/V4/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"name": "https://download.daj.co.jp/user/dspa/V3/", "refsource": "MISC", "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"name": "https://jvn.jp/en/jp/JVN33214411/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-21170", "datePublished": "2022-03-07T09:00:37", "dateReserved": "2022-01-31T00:00:00", "dateUpdated": "2022-03-07T09:00:37", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:daj:i-filter_browser_\\&_cloud_multiagent:*:*:*:*:*:windows:*:*", "matchCriteriaId": "0A067113-D8E7-44A5-8B94-C60259A003DD", "versionEndIncluding": "4.93r04", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8322913-9EC0-4A2C-BB6E-CED5BA681B6F", "versionEndIncluding": "9.50r10", "vulnerable": true}, {"criteria": "cpe:2.3:a:daj:i-filter:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEEBABB4-18EA-47A8-A421-B6733EB2C9AD", "versionEndIncluding": "10.45r01", "versionStartIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:daj:dspa-15000_m5:3:*:*:*:*:*:*:*", "matchCriteriaId": "9D48721B-0841-49AB-BD04-2C48F4C23EEC", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-15000_m5:4:*:*:*:*:*:*:*", "matchCriteriaId": "A5B5073D-2359-4A37-B203-D45799BA9045", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-2000_m4:4:*:*:*:*:*:*:*", "matchCriteriaId": "950E990E-8809-4E06-BCD3-9AE4DE613B01", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-4000_m4:4:*:*:*:*:*:*:*", "matchCriteriaId": "2D521EF9-C517-4114-8AA8-0DD78BE19476", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-7000_m5:3:*:*:*:*:*:*:*", "matchCriteriaId": "45FC586C-85E6-469D-8A4E-C145E60B3109", "vulnerable": false}, {"criteria": "cpe:2.3:h:daj:dspa-7000_m5:4:*:*:*:*:*:*:*", "matchCriteriaId": "399E9A87-DF61-4B0C-8134-3912E8161904", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication."}, {"lang": "es", "value": "Una comprobaci\u00f3n inapropiada de la revocaci\u00f3n de certificados en i-FILTER Versiones 10.45R01 y anteriores, i-FILTER Versiones 9.50R10 y anteriores, i-FILTER Browser & Cloud MultiAgent para Windows Versiones 4.93R04 y anteriores, y D-SPA (Versi\u00f3n 3 / Versi\u00f3n 4) usando i-FILTER permite a un atacante remoto no autenticado realizar un ataque de tipo man-in-the-middle y espiar una comunicaci\u00f3n cifrada"}], "id": "CVE-2022-21170", "lastModified": "2022-03-16T17:04:47.047", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:45:10.083", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/dspa/V3/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/dspa/V4/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/ifb/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/ifilter/V10/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://download.daj.co.jp/user/ifilter/V9/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN33214411/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}