CVE-2021-31519

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.3HIGH
EPSS
0.1%
top 74.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trendmicro Housecall FOR Home NetworksTrend Micro Trend Micro Housecall FOR Home Networks
Timeline
PublishedMay 12
Latest updateMay 24

Description

An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/housecall5.3.1179

🔴Vulnerability Details

2
GHSA
GHSA-4xjw-g3w3-88q2: An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 52022-05-24
CVEList
CVE-2021-31519: An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 52021-05-12
CVE-2021-31519 (HIGH CVSS 7.3) | An incorrect permission vulnerabili | cvebase.io