CVE-2021-32466

7HIGH

Key Information:

Vendor
Trend Micro
Status
Trend Micro Housecall For Home Networks
Vendor
CVE Published:
29 September 2021

Summary

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Affected Version(s)

Trend Micro HouseCall for Home Networks 5.3.1225 and below

References

https://helpcenter.trendmicro.com/en-us/article/tmka-10626
x_refsource_MISC
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1112/
x_refsource_MISC

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.