CVE-2021-20172

Exploit

EPSS 0.04%
Published 30.12.2021 22:15:09
Last modified 21.11.2024 05:46:03
Source vulnreport@tenable.com
Teams watchlist Login
Open Login

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Genie Installer Version- SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.067

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.tenable.com/security/research/tra-2021-56

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-20172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20172

EUVD