CVE-2021-32466

Sažetak

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Reference

https://www.zerodayinitiative.com/advisories/ZDI-21-1112/
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621
https://helpcenter.trendmicro.com/en-us/article/tmka-10626

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

02-10-2021 - 15:25

Objavljeno

29-09-2021 - 11:15