CVE-2021-44751 MEDIUM

CVE-2021-44751: F-Secure SAFE Browser vulnerable to USSD attacks

Vendor F-Secure
Product F-Secure SAFE Browser for Android Version 18.5 & below
Published March 25, 2022
Last update August 4, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.

Key dates

02Disclosure timeline

March 25, 2022 CVE published
August 4, 2024 Record updated