Incorrect Privilege Assignment in HouseCall - CVE-2021-31519

 

Incorrect Privilege Assignment in HouseCall - CVE-2021-31519

Published: April 26, 2021 / Updated: September 16, 2021


Vulnerability identifier: #VU52590
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-31519
CWE-ID: CWE-266
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Trend Micro
Affected software:
HouseCall

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions set on product folders created by the installer, which leads to security restrictions bypass and privilege escalation.


How to mitigate CVE-2021-31519

Install updates from vendor's website.

Sources