CVE-2021-22037

EPSS 0.13%
Published 29.10.2021 12:15:07
Last modified 21.11.2024 05:49:28
Source security@vmware.com
Teams watchlist Login
Open Login

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Installbuilder SwPlatformwindows Version < 21.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://blog.installbuilder.com/2021/10/installbuilder-2160-released.html

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-22037

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-22037

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-22037

EUVD