Main Vulnerability Database Vulnerabilities #VU52590

#VU52590 Incorrect Privilege Assignment in HouseCall - CVE-2021-31519

Published: April 26, 2021 / Updated: September 16, 2021

Vulnerability identifier: #VU52590

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-31519

CWE-ID: CWE-266

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
HouseCall

Software vendor:
Trend Micro

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect permissions set on product folders created by the installer, which leads to security restrictions bypass and privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://www.zerodayinitiative.com/advisories/ZDI-21-475/
https://helpcenter.trendmicro.com/en-us/article/TMKA-10310

#VU52590 Incorrect Privilege Assignment in HouseCall - CVE-2021-31519

Description

Remediation

External links

Please verify you're human