CVE-2021-20172

Exploit

EPSS 0.04%
Veröffentlicht 30.12.2021 22:15:09
Zuletzt bearbeitet 21.11.2024 05:46:03
Quelle vulnreport@tenable.com
Teams Watchlist Login
Unerledigt Login

All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Genie Installer Version- SwPlatformmacos

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.067

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

https://www.tenable.com/security/research/tra-2021-56

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-20172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20172

EUVD