CVE-2021-32466

CWE-4273 documents3 sources

Severity

7.0HIGH

EPSS

0.2%

top 54.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Housecall FOR Home Networks Trend Micro Trend Micro Housecall FOR Home Networks

Timeline

PublishedSep 29

Latest updateMay 24

Description

An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_housecall_for_home_networks5.3.1225 and below

▶NVDtrendmicro/housecall5.3.1225

Patches

Patch: helpcenter.trendmicro.com ↗Patch: helpcenter.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-xq52-7mcc-4gqf: An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5↗2022-05-24

▶

CVEList

CVE-2021-32466: An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5↗2021-09-29

▶