CWE: 276

CVE-2021-44751: F-Secure SAFE Browser vulnerable to USSD attacks

First published: Fri Mar 25 2022

A vulnerability affecting the F-Secure SAFE browser was discovered. A maliciously crafted website that embeds a USSD code in JavaScript or an iframe can trigger the dialer application from the F-Secure browser, which an attacker can exploit to send unwanted USSD messages or place unwanted calls. On most modern Android versions the dialer application requires user interaction; however, some older Android versions may not.

Credit: cve-notifications-us@f-secure.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| F-Secure SAFE | <18.5 | |

Remedy

FIX: A fix has been available in the automatic update channel since 22nd March 2022. No user action is required.
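
A check of the kind a browser or URL filter can apply before handing a navigation to the dialer, given as an added example that is not F-Secure's fix or code from this advisory. It assumes the USSD code arrives as a `tel:` URI (the advisory does not name the scheme); the function names, verdict strings and sample URIs are constructed for illustration.

```javascript
// Added example, not F-Secure's code. Verdict names are illustrative.
const MAX_DECODE_ROUNDS = 3;

// Percent-decode until the value stops changing so double-encoded
// forms (%252A -> %2A -> *) are seen. Returns null for malformed
// escapes or values still changing after MAX_DECODE_ROUNDS.
function fullyDecode(value) {
  let current = value;
  for (let i = 0; i < MAX_DECODE_ROUNDS; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      return null;
    }
    if (next === current) return current;
    current = next;
  }
  return null;
}

// userInitiated: true only for a direct tap on a link, false for
// script- or iframe-driven navigation (assumed to be known by caller).
function classifyNavigation(rawUrl, userInitiated) {
  // URL parsers drop tab/CR/LF, so "te\tl:" still means "tel:".
  const cleaned = rawUrl.replace(/[\t\n\r]/g, '').trim();
  const match = /^([a-z][a-z0-9+.-]*):(.*)$/i.exec(cleaned);
  if (!match || match[1].toLowerCase() !== 'tel') return 'not-dialer';

  const target = fullyDecode(match[2]);
  if (target === null) return 'block';

  // '*' or '#' marks a USSD/MMI service code, not a phone number.
  if (/[*#]/.test(target)) return userInitiated ? 'confirm' : 'block';

  // Anything that is not a plain number (optional ;params) is refused.
  if (!/^\+?[0-9().\s-]+(;.*)?$/.test(target)) return 'block';
  return userInitiated ? 'dial' : 'confirm';
}

// Constructed samples; *#06# only displays the device IMEI.
const samples = [
  ['tel:+15555550100', true],
  ['tel:*%2306%23', false],
  ['TEL:%252A%252306%2523', false],
];
for (const [url, tapped] of samples) {
  console.log(url, tapped, '->', classifyNavigation(url, tapped));
}
```

Decoding before matching is what keeps encoded `*` and `#` from slipping past the service-code test, and non-user-initiated requests never reach the dialer without confirmation.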


Frequently Asked Questions

  • What is CVE-2021-44751?

    CVE-2021-44751 is a vulnerability affecting F-Secure SAFE browser that allows an attacker to trigger the dialer application and send unwanted USSD messages or perform unwanted calls.

  • What is the severity of CVE-2021-44751?

    CVE-2021-44751 has a severity of medium, with a CVSS score of 5.3.

  • How does CVE-2021-44751 work?

    CVE-2021-44751 works through a maliciously crafted website that embeds a USSD code in JavaScript or an iframe, which triggers the dialer application from the F-Secure SAFE browser.

  • How can CVE-2021-44751 be exploited?

    An attacker can exploit CVE-2021-44751 by directing the victim to a malicious website containing the specially crafted USSD code.

  • Is there a fix for CVE-2021-44751?

    Yes, F-Secure has provided a fix for CVE-2021-44751. It is recommended to update to the latest version of F-Secure SAFE browser to mitigate the vulnerability.
