Local Privilege Escalation Vulnerability in EXEMSI MSI Wrapper
CVE-2021-32415

7.8HIGH

Key Information:

Vendor: Msi
Status: Wrapper
Vendor: CVE Published:; 13 December 2022

What is CVE-2021-32415?

The EXEMSI MSI Wrapper contains a vulnerability that allows local privilege escalation via installers created with the software. This flaw exists in versions prior to 10.0.50 and from 6.0.91, potentially enabling an attacker to elevate their privileges on affected systems, thereby compromising the integrity and confidentiality of the system. Users are strongly advised to upgrade to the latest version to mitigate this risk.

References

http://msi.com

http://exemsi.com

https://improsec.com/tech-blog/privilege-escalation-vulne...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
May 7, 2021

Msi

What is CVE-2021-32415?

References

CVSS V3.1

Timeline