CVE-2021-32466

Published: Sep 29, 2021Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Affected (1)

Products: Trendmicro: Housecall For Home Networks

1 product

Housecall For Home Networks

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Trendmicro Housecall For Home Networks	Up to 5.3.1225

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

https://helpcenter.trendmicro.com/en-us/article/tmka-10626

Source: security@trendmicro.com

Vendor Advisory

https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621

Source: security@trendmicro.com

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1112/

Source: security@trendmicro.com

Third Party AdvisoryVDB Entry

https://helpcenter.trendmicro.com/en-us/article/tmka-10626

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10621

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-1112/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.