CVE-2021-32466
Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
Una vulnerabilidad de escalada de privilegios de elementos de búsqueda no controlada en Trend Micro HouseCall for Home Networks versión 5.3.1225 y por debajo, podría permitir a un atacante escalar privilegios al colocar un archivo diseñado a medida en un directorio específico para cargar una biblioteca maliciosa. Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para explotar esta vulnerabilidad
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall for Home Networks. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The process loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-07 CVE Reserved
- 2021-09-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-1112 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621 | 2021-10-02 |
URL | Date | SRC |
---|---|---|
https://helpcenter.trendmicro.com/en-us/article/tmka-10626 | 2021-10-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Housecall For Home Networks Search vendor "Trendmicro" for product "Housecall For Home Networks" | <= 5.3.1225 Search vendor "Trendmicro" for product "Housecall For Home Networks" and version " <= 5.3.1225" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|