CVE-2021-38469
published 2021-10-22


Priority: P426, high, 7.1 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
EPSS: 0.60% (44.0th percentile)

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| auvesy | versiondog | < 8.0.0 | 8.0.0 |
| auvesy | versiondog | All – 8.0 | |

CVSS provenance

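| Source | CVSS version | Score | Severity | Vector |
|--------|--------------|-------|----------|--------|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |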