CVE Vulnerability

CVE-2021-32466

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.zerodayinitiative.com/advisories/ZDI-21-1112/ Third Party Advisory VDB Entry
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621 Patch Vendor Advisory
https://helpcenter.trendmicro.com/en-us/article/tmka-10626 Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-09-29 11:15

Updated : 2021-10-02 03:25

NVD link : CVE-2021-32466

Mitre link : CVE-2021-32466

Products Affected

Housecall For Home Networks

Trendmicro

CWE
CWE-427