Lucene search

[email protected]CVE-2021-38469

HistoryOct 22, 2021 - 12:15 p.m.

CVE-2021-38469

2021-10-2212:15:00

CWE-427

[email protected]

web.nvd.nist.gov

security

dll vulnerability

exploit

uncontrolled search path

nvd

cve-2021-38469

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

7.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

17.5%

JSON

Many of the services used by the affected product do not specify full paths for the DLLs they are loading. An attacker can exploit the uncontrolled search path by implanting their own DLL near the affected product’s binaries, thus hijacking the loaded DLL.

CPENameOperatorVersion
auvesy:versiondogauvesy versiondoglt8.0.0

CPE	Name	Operator	Version
auvesy:versiondog	auvesy versiondog	lt	8.0.0

References

us-cert.cisa.gov/ics/advisories/icsa-21-292-01

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

7.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.0005 Low

EPSS

Percentile

17.5%

JSON

Related for CVE-2021-38469

cnvd1 prion1 ics1