CVE-2021-20172

Published: Dec 30, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root.

Affected (1)

Products: Netgear: Genie Installer

1 product

Genie Installer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netgear Genie Installer	All versions

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://www.tenable.com/security/research/tra-2021-56

Source: vulnreport@tenable.com

ExploitThird Party Advisory

https://www.tenable.com/security/research/tra-2021-56

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.